diff --git a/docs/cce/umn/ALL_META.TXT.json b/docs/cce/umn/ALL_META.TXT.json index db107d385..1d24509ed 100644 --- a/docs/cce/umn/ALL_META.TXT.json +++ b/docs/cce/umn/ALL_META.TXT.json @@ -27,14 +27,14 @@ "node_id":"cce_productdesc_0001.xml", "product_code":"cce", "code":"2", - "des":"Cloud Container Engine (CCE) is a hosted Kubernetes cluster service for enterprises. It offers complete lifecycle management for containerized applications and delivers s", + "des":"Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the enter lifecycle of containerized applications and delivers scalable, ", "doc_type":"usermanual2", "kw":"What Is CCE?,Service Overview,User Guide", "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"What Is CCE?", @@ -51,8 +51,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Product Advantages", @@ -69,8 +69,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Application Scenarios", @@ -81,14 +81,14 @@ "node_id":"cce_productdesc_0007.xml", "product_code":"cce", "code":"5", - "des":"In CCE, you can run clusters with x86 and Arm nodes. Create and manage Kubernetes clusters. Deploy containerized applications in them. All done in CCE.Containerized web a", + "des":"CCE clusters enable the management of both x86 and Arm resources. With CCE, you can effortlessly create Kubernetes clusters, deploy containerized applications, and effect", "doc_type":"usermanual2", "kw":"Containerized Application Management,Application Scenarios,User Guide", "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Containerized Application Management", @@ -99,14 +99,14 @@ "node_id":"cce_productdesc_0021.xml", "product_code":"cce", "code":"6", - "des":"Shopping apps and websites, especially during promotions and flash salesLive streaming, where service loads often fluctuateGames, where many players may go online in cert", + "des":"Shopping apps and websites, especially during promotionsLive streaming, where service loads often fluctuateGames, where many players may go online in certain time periods", "doc_type":"usermanual2", "kw":"Auto Scaling in Seconds,Application Scenarios,User Guide", "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Auto Scaling in Seconds", @@ -123,8 +123,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"DevOps and CI/CD", @@ -141,62 +141,62 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Hybrid Cloud", "githuburl":"" }, + { + "uri":"cce_productdesc_0002.html", + "node_id":"cce_productdesc_0002.xml", + "product_code":"cce", + "code":"9", + "des":"CCE permissions management allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of IAM and RBAC to provid", + "doc_type":"usermanual2", + "kw":"Permissions,Service Overview,User Guide", + "search_title":"", + "metedata":[ + { + "documenttype":"usermanual", + "prodname":"cce" + } + ], + "title":"Permissions", + "githuburl":"" + }, { "uri":"cce_productdesc_0005.html", "node_id":"cce_productdesc_0005.xml", "product_code":"cce", - "code":"9", + "code":"10", "des":"This section describes the notes and constraints on using CCE.After a cluster is created, the following items cannot be changed:Number of master nodes: For example, a non", "doc_type":"usermanual2", "kw":"Storage Volumes,Data sharing,Notes and Constraints,Service Overview,User Guide", "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Notes and Constraints", "githuburl":"" }, - { - "uri":"cce_productdesc_0002.html", - "node_id":"cce_productdesc_0002.xml", - "product_code":"cce", - "code":"10", - "des":"CCE allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of IAM and RBAC to provide a variety of authoriz", - "doc_type":"usermanual2", - "kw":"Permissions,Service Overview,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual" - } - ], - "title":"Permissions", - "githuburl":"" - }, { "uri":"cce_productdesc_0008.html", "node_id":"cce_productdesc_0008.xml", "product_code":"cce", "code":"11", - "des":"CCE works with the following cloud services and requires permissions to access them.", + "des":"CCE needs to be interconnected with the following cloud services. It requires permissions to access these cloud services.", "doc_type":"usermanual2", "kw":"ECS,VPC,ELB,SWR,EVS,OBS,cloud storage for data of any size,SFS,AOM,Related Services,Service Overview", "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Related Services", @@ -213,8 +213,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual", + "prodname":"cce" } ], "title":"Regions and AZs", @@ -260,20 +260,20 @@ "githuburl":"" }, { - "uri":"cce_bulletin_0061.html", - "node_id":"cce_bulletin_0061.xml", + "uri":"cce_bulletin_0098.html", + "node_id":"cce_bulletin_0098.xml", "product_code":"cce", "code":"15", - "des":"Released: Sep 3, 2023Dear users,We are pleased to announce that a brand-new CCE console is available. The new console is modern, visually appealing, and concise, providin", + "des":"Released: Oct 23, 2024CentOS has reached its end of maintenance (EOM) date, which means it will no longer receive updates or support. The CentOS public images on CCE are ", "doc_type":"usermanual2", - "kw":"CCE Console Upgrade,Product Bulletin,User Guide", + "kw":"EOM of CentOS,Product Bulletin,User Guide", "search_title":"", "metedata":[ { } ], - "title":"CCE Console Upgrade", + "title":"EOM of CentOS", "githuburl":"" }, { @@ -386,8 +386,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Introduction", @@ -404,8 +404,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Preparations", @@ -422,8 +422,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Creating a Kubernetes Cluster", @@ -440,8 +440,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Creating a Deployment (Nginx)", @@ -458,8 +458,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Deploying WordPress and MySQL That Depend on Each Other", @@ -476,8 +476,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Overview", @@ -494,8 +494,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Creating a MySQL Workload", @@ -512,8 +512,8 @@ "search_title":"", "metedata":[ { - "prodname":"cce", - "documenttype":"usermanual" + "documenttype":"usermanual2", + "prodname":"cce" } ], "title":"Creating a WordPress Workload", @@ -609,11 +609,29 @@ "title":"Kubernetes Version Release Notes", "githuburl":"" }, + { + "uri":"cce_bulletin_0095.html", + "node_id":"cce_bulletin_0095.xml", + "product_code":"cce", + "code":"34", + "des":"CCE allows you to create Kubernetes clusters 1.30. This section describes the changes made in Kubernetes 1.30.New and Enhanced FeaturesAPI Changes and RemovalsEnhanced Ku", + "doc_type":"usermanual2", + "kw":"Kubernetes 1.30 Release Notes,Kubernetes Version Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.30 Release Notes", + "githuburl":"" + }, { "uri":"cce_bulletin_0089.html", "node_id":"cce_bulletin_0089.xml", "product_code":"cce", - "code":"34", + "code":"35", "des":"CCE allows you to create Kubernetes clusters 1.29. This section describes the changes made in Kubernetes 1.29.New and Enhanced FeaturesAPI Changes and RemovalsEnhanced Ku", "doc_type":"usermanual2", "kw":"Kubernetes 1.29 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -631,7 +649,7 @@ "uri":"cce_bulletin_0068.html", "node_id":"cce_bulletin_0068.xml", "product_code":"cce", - "code":"35", + "code":"36", "des":"CCE allows you to create Kubernetes clusters 1.28. This section describes the changes made in Kubernetes 1.28.Important NotesNew and Enhanced FeaturesAPI Changes and Remo", "doc_type":"usermanual2", "kw":"Kubernetes 1.28 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -649,7 +667,7 @@ "uri":"cce_bulletin_0059.html", "node_id":"cce_bulletin_0059.xml", "product_code":"cce", - "code":"36", + "code":"37", "des":"CCE allows you to create clusters of Kubernetes 1.27. This section describes the changes made in Kubernetes 1.27 compared with Kubernetes 1.25.New FeaturesDeprecations an", "doc_type":"usermanual2", "kw":"Kubernetes 1.27 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -667,7 +685,7 @@ "uri":"cce_bulletin_0058.html", "node_id":"cce_bulletin_0058.xml", "product_code":"cce", - "code":"37", + "code":"38", "des":"This section describes the changes made in Kubernetes 1.25 compared with Kubernetes 1.23.New FeaturesDeprecations and RemovalsEnhanced Kubernetes 1.25 on CCEReferencesKub", "doc_type":"usermanual2", "kw":"Kubernetes 1.25 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -685,7 +703,7 @@ "uri":"cce_bulletin_0027.html", "node_id":"cce_bulletin_0027.xml", "product_code":"cce", - "code":"38", + "code":"39", "des":"This section describes the updates in CCE Kubernetes 1.23.Kubernetes 1.23 Release NotesFlexVolume is deprecated. Use CSI.HorizontalPodAutoscaler v2 is promoted to GA, and", "doc_type":"usermanual2", "kw":"Kubernetes 1.23 Release Notes,Kubernetes Version Release Notes,User Guide", @@ -703,7 +721,7 @@ "uri":"cce_bulletin_0026.html", "node_id":"cce_bulletin_0026.xml", "product_code":"cce", - "code":"39", + "code":"40", "des":"This section describes the updates in CCE Kubernetes 1.21.Kubernetes 1.21 Release NotesCronJob is now in the stable state, and the version number changes to batch/v1.The ", "doc_type":"usermanual2", "kw":"Kubernetes 1.21 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", @@ -721,7 +739,7 @@ "uri":"cce_whsnew_0010.html", "node_id":"cce_whsnew_0010.xml", "product_code":"cce", - "code":"40", + "code":"41", "des":"This section describes the updates in CCE Kubernetes 1.19.Kubernetes v1.19 Release NotesvSphere in-tree volumes can be migrated to vSphere CSI drivers. The in-tree vSpher", "doc_type":"usermanual2", "kw":"Kubernetes 1.19 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", @@ -739,7 +757,7 @@ "uri":"cce_whsnew_0007.html", "node_id":"cce_whsnew_0007.xml", "product_code":"cce", - "code":"41", + "code":"42", "des":"This section describes the updates in CCE Kubernetes 1.17.All resources in the apps/v1beta1 and apps/v1beta2 API versions are no longer served. Migrate to use the apps/v1", "doc_type":"usermanual2", "kw":"Kubernetes 1.17 (EOM) Release Notes,Kubernetes Version Release Notes,User Guide", @@ -757,7 +775,7 @@ "uri":"cce_10_0405.html", "node_id":"cce_10_0405.xml", "product_code":"cce", - "code":"42", + "code":"43", "des":"dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd.All nodes in the CCE clusters of ve", "doc_type":"usermanual2", "kw":"Patch Version Release Notes,Cluster Overview,User Guide", @@ -775,7 +793,7 @@ "uri":"cce_10_0298.html", "node_id":"cce_10_0298.xml", "product_code":"cce", - "code":"43", + "code":"44", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Creating a Cluster", @@ -793,7 +811,7 @@ "uri":"cce_10_0342.html", "node_id":"cce_10_0342.xml", "product_code":"cce", - "code":"44", + "code":"45", "des":"CCE provides different types of clusters for you to select. The following table lists the differences between them.", "doc_type":"usermanual2", "kw":"Comparison Between Cluster Types,Creating a Cluster,User Guide", @@ -811,7 +829,7 @@ "uri":"cce_10_0028.html", "node_id":"cce_10_0028.xml", "product_code":"cce", - "code":"45", + "code":"46", "des":"On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this", "doc_type":"usermanual2", "kw":"Creating a CCE Standard/Turbo Cluster,Creating a Cluster,User Guide", @@ -829,7 +847,7 @@ "uri":"cce_10_0349.html", "node_id":"cce_10_0349.xml", "product_code":"cce", - "code":"46", + "code":"47", "des":"kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.CCE supports the iptables ", "doc_type":"usermanual2", "kw":"kube-proxy,iptables,IP Virtual Server (IPVS),forwarding modes,Comparing iptables and IPVS,Creating a", @@ -847,7 +865,7 @@ "uri":"cce_10_0140.html", "node_id":"cce_10_0140.xml", "product_code":"cce", - "code":"47", + "code":"48", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Connecting to a Cluster", @@ -865,7 +883,7 @@ "uri":"cce_10_0107.html", "node_id":"cce_10_0107.xml", "product_code":"cce", - "code":"48", + "code":"49", "des":"This section uses a CCE standard cluster as an example to describe how to access a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses kubeconfig ", "doc_type":"usermanual2", "kw":"kubectl,Intranet access,Two-Way Authentication for Domain Names,Error from server Forbidden,The conn", @@ -883,7 +901,7 @@ "uri":"cce_10_0175.html", "node_id":"cce_10_0175.xml", "product_code":"cce", - "code":"49", + "code":"50", "des":"This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.The downloaded certificate contains three files: cl", "doc_type":"usermanual2", "kw":"X.509 certificate,Accessing a Cluster Using an X.509 Certificate,Connecting to a Cluster,User Guide", @@ -901,7 +919,7 @@ "uri":"cce_10_0367.html", "node_id":"cce_10_0367.xml", "product_code":"cce", - "code":"50", + "code":"51", "des":"Subject Alternative Name (SAN) allows multiple values (including IP addresses, domain names, and so on) to be associated with certificates. A SAN is usually used by the c", "doc_type":"usermanual2", "kw":"SAN,X.509 certificate,Accessing a Cluster Using a Custom Domain Name,Connecting to a Cluster,User Gu", @@ -919,7 +937,7 @@ "uri":"cce_10_0864.html", "node_id":"cce_10_0864.xml", "product_code":"cce", - "code":"51", + "code":"52", "des":"You can bind an EIP to an API server of a Kubernetes cluster so that the API server can access the Internet.Binding an EIP to an API server for Internet access can pose a", "doc_type":"usermanual2", "kw":"Configuring a Cluster's API Server for Internet Access,Connecting to a Cluster,User Guide", @@ -933,11 +951,29 @@ "title":"Configuring a Cluster's API Server for Internet Access", "githuburl":"" }, + { + "uri":"cce_10_0744.html", + "node_id":"cce_10_0744.xml", + "product_code":"cce", + "code":"53", + "des":"In multi-tenant scenarios, CCE generates a credential (kubeconfig or X.509 certificate) for you to access the corresponding cluster. The credential contains user identity", + "doc_type":"usermanual2", + "kw":"Revoking a Cluster Access Credential,Connecting to a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Revoking a Cluster Access Credential", + "githuburl":"" + }, { "uri":"cce_10_0031.html", "node_id":"cce_10_0031.xml", "product_code":"cce", - "code":"52", + "code":"54", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Cluster", @@ -955,7 +991,7 @@ "uri":"cce_10_0213.html", "node_id":"cce_10_0213.xml", "product_code":"cce", - "code":"53", + "code":"55", "des":"CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.kube-apiserverkube-controller-managerkube-scheduler", "doc_type":"usermanual2", "kw":"cluster parameters,kube-apiserver,kube-controller-manager,Modifying Cluster Configurations,Managing ", @@ -973,7 +1009,7 @@ "uri":"cce_10_0602.html", "node_id":"cce_10_0602.xml", "product_code":"cce", - "code":"54", + "code":"56", "des":"After overload control is enabled, the number of simultaneous requests is dynamically regulated according to the resource pressure on the master nodes. This ensures that ", "doc_type":"usermanual2", "kw":"overload control,Enabling Overload Control for a Cluster,Managing a Cluster,User Guide", @@ -991,7 +1027,7 @@ "uri":"cce_10_0403.html", "node_id":"cce_10_0403.xml", "product_code":"cce", - "code":"55", + "code":"57", "des":"CCE allows you to change the number of nodes managed in a cluster.A cluster that has only one master node supports fewer than 1000 worker nodes.The number of master nodes", "doc_type":"usermanual2", "kw":"Changing Cluster Scale,Managing a Cluster,User Guide", @@ -1009,7 +1045,7 @@ "uri":"cce_10_0426.html", "node_id":"cce_10_0426.xml", "product_code":"cce", - "code":"56", + "code":"58", "des":"When creating a cluster, you can customize a node security group to centrally manage network security policies. For a created cluster, you can change its default node sec", "doc_type":"usermanual2", "kw":"Changing the Default Security Group of a Node,Managing a Cluster,User Guide", @@ -1027,7 +1063,7 @@ "uri":"cce_10_0212.html", "node_id":"cce_10_0212.xml", "product_code":"cce", - "code":"57", + "code":"59", "des":"Deleting a cluster will delete the workloads and Services in the cluster, and the deleted data cannot be recovered. Before performing this operation, ensure that related ", "doc_type":"usermanual2", "kw":"Deleting a Cluster,Managing a Cluster,User Guide", @@ -1041,12 +1077,30 @@ "title":"Deleting a Cluster", "githuburl":"" }, + { + "uri":"cce_10_0927.html", + "node_id":"cce_10_0927.xml", + "product_code":"cce", + "code":"60", + "des":"Unexpected deletion of clusters can occur in practice, especially when multiple users share an account and accidentally delete clusters that do not belong to them. To pre", + "doc_type":"usermanual2", + "kw":"Preventing Cluster Deletion,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Preventing Cluster Deletion", + "githuburl":"" + }, { "uri":"cce_10_0214.html", "node_id":"cce_10_0214.xml", "product_code":"cce", - "code":"58", - "des":"If a pay-per-use cluster is not needed temporarily, hibernate it to reduce costs.After a cluster is hibernated, resources such as workloads cannot be created or managed i", + "code":"61", + "des":"If a cluster is not needed temporarily, hibernate it to reduce costs.After a cluster is hibernated, resources such as workloads cannot be created or managed in the cluste", "doc_type":"usermanual2", "kw":"Hibernating or Waking Up a Cluster,Managing a Cluster,User Guide", "search_title":"", @@ -1063,7 +1117,7 @@ "uri":"cce_10_0215.html", "node_id":"cce_10_0215.xml", "product_code":"cce", - "code":"59", + "code":"62", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Upgrading a Cluster", @@ -1081,7 +1135,7 @@ "uri":"cce_10_0197.html", "node_id":"cce_10_0197.xml", "product_code":"cce", - "code":"60", + "code":"63", "des":"CCE strictly complies with community consistency authentication. It releases three Kubernetes versions each year and offers a maintenance period of at least 24 months aft", "doc_type":"usermanual2", "kw":"cluster upgrade process,Node Priority,In-place upgrade,Process and Method of Upgrading a Cluster,Upg", @@ -1099,7 +1153,7 @@ "uri":"cce_10_0302.html", "node_id":"cce_10_0302.xml", "product_code":"cce", - "code":"61", + "code":"64", "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Process and Method of Upgradi", "doc_type":"usermanual2", "kw":"Deprecated APIs,Before You Start,Upgrading a Cluster,User Guide", @@ -1117,7 +1171,7 @@ "uri":"cce_10_0560.html", "node_id":"cce_10_0560.xml", "product_code":"cce", - "code":"62", + "code":"65", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Performing Post-Upgrade Verification", @@ -1135,7 +1189,7 @@ "uri":"cce_10_0568.html", "node_id":"cce_10_0568.xml", "product_code":"cce", - "code":"63", + "code":"66", "des":"After a cluster is upgraded, check whether the cluster is in the Running state.CCE automatically checks your cluster status. Go to the cluster list page and confirm the c", "doc_type":"usermanual2", "kw":"Cluster Status Check,Performing Post-Upgrade Verification,User Guide", @@ -1153,7 +1207,7 @@ "uri":"cce_10_0569.html", "node_id":"cce_10_0569.xml", "product_code":"cce", - "code":"64", + "code":"67", "des":"After a cluster is upgraded, check whether nodes in the cluster are in the Running state.CCE automatically checks your node statuses. Go to the node list page and confirm", "doc_type":"usermanual2", "kw":"Node Status Check,Performing Post-Upgrade Verification,User Guide", @@ -1171,7 +1225,7 @@ "uri":"cce_10_0567.html", "node_id":"cce_10_0567.xml", "product_code":"cce", - "code":"65", + "code":"68", "des":"After a cluster is upgraded, check whether there are any nodes that skip the upgrade in the cluster. These nodes may affect the proper running of the cluster.CCE automati", "doc_type":"usermanual2", "kw":"Node Skipping Check,Performing Post-Upgrade Verification,User Guide", @@ -1189,7 +1243,7 @@ "uri":"cce_10_0561.html", "node_id":"cce_10_0561.xml", "product_code":"cce", - "code":"66", + "code":"69", "des":"After a cluster is upgraded, check whether its services are running properly.Different services have different verification mode. Select a suitable one and verify the ser", "doc_type":"usermanual2", "kw":"Service Check,Performing Post-Upgrade Verification,User Guide", @@ -1207,7 +1261,7 @@ "uri":"cce_10_0565.html", "node_id":"cce_10_0565.xml", "product_code":"cce", - "code":"67", + "code":"70", "des":"Check whether nodes can be created in the cluster.If nodes cannot be created in your cluster after the cluster is upgraded, contact technical support.", "doc_type":"usermanual2", "kw":"New Node Check,Performing Post-Upgrade Verification,User Guide", @@ -1225,7 +1279,7 @@ "uri":"cce_10_0566.html", "node_id":"cce_10_0566.xml", "product_code":"cce", - "code":"68", + "code":"71", "des":"Check whether pods can be created on the existing nodes after the cluster is upgraded.Check whether pods can be created on new nodes after the cluster is upgraded.After c", "doc_type":"usermanual2", "kw":"New Pod Check,Performing Post-Upgrade Verification,User Guide", @@ -1243,7 +1297,7 @@ "uri":"cce_10_0210.html", "node_id":"cce_10_0210.xml", "product_code":"cce", - "code":"69", + "code":"72", "des":"This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.This operation is applicable when a cross-versi", "doc_type":"usermanual2", "kw":"Migrating Services Across Clusters of Different Versions,Upgrading a Cluster,User Guide", @@ -1261,7 +1315,7 @@ "uri":"cce_10_0550.html", "node_id":"cce_10_0550.xml", "product_code":"cce", - "code":"70", + "code":"73", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Troubleshooting for Pre-upgrade Check Exceptions", @@ -1279,7 +1333,7 @@ "uri":"cce_10_0549.html", "node_id":"cce_10_0549.xml", "product_code":"cce", - "code":"71", + "code":"74", "des":"The system automatically checks a cluster before its upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot continue. To avoid risks, ", "doc_type":"usermanual2", "kw":"Pre-upgrade Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1297,7 +1351,7 @@ "uri":"cce_10_0431.html", "node_id":"cce_10_0431.xml", "product_code":"cce", - "code":"72", + "code":"75", "des":"Check the following items:Check whether the node is available.Check whether the node OS supports the upgrade.Check whether the node is marked with unexpected node pool la", "doc_type":"usermanual2", "kw":"Node Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1315,7 +1369,7 @@ "uri":"cce_10_0432.html", "node_id":"cce_10_0432.xml", "product_code":"cce", - "code":"73", + "code":"76", "des":"Check whether the target cluster is under upgrade management.CCE may temporarily restrict the cluster upgrade due to the following reasons:The cluster is identified as th", "doc_type":"usermanual2", "kw":"Upgrade Management,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1333,8 +1387,8 @@ "uri":"cce_10_0433.html", "node_id":"cce_10_0433.xml", "product_code":"cce", - "code":"74", - "des":"Check the following items:Check whether the add-on status is normal.Check whether the add-on support the target version.Scenario 1: The add-on malfunctions.Log in to the ", + "code":"77", + "des":"Check the following items:Check whether the add-on status is normal.Check whether the add-on supports the target version.Scenario 1: The add-on malfunctions.Log in to the", "doc_type":"usermanual2", "kw":"Add-ons,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1351,7 +1405,7 @@ "uri":"cce_10_0434.html", "node_id":"cce_10_0434.xml", "product_code":"cce", - "code":"75", + "code":"78", "des":"Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavai", "doc_type":"usermanual2", "kw":"Helm Charts,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1369,7 +1423,7 @@ "uri":"cce_10_0435.html", "node_id":"cce_10_0435.xml", "product_code":"cce", - "code":"76", + "code":"79", "des":"Check whether your master nodes can be accessed using SSH.There is a low probability that the SSH connectivity check fails due to network fluctuations. Perform the pre-up", "doc_type":"usermanual2", "kw":"SSH Connectivity of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1387,7 +1441,7 @@ "uri":"cce_10_0436.html", "node_id":"cce_10_0436.xml", "product_code":"cce", - "code":"77", + "code":"80", "des":"Check the node pool status.Check whether the node pool OS or container runtime is supported after the upgrade.Scenario: The node pool malfunctions.Log in to the CCE conso", "doc_type":"usermanual2", "kw":"Node Pools,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1405,7 +1459,7 @@ "uri":"cce_10_0437.html", "node_id":"cce_10_0437.xml", "product_code":"cce", - "code":"78", + "code":"81", "des":"Check whether the Protocol & Port of the worker node security groups is set to ICMP: All and whether the security group with the source IP address set to the master node ", "doc_type":"usermanual2", "kw":"Security Groups,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1423,8 +1477,8 @@ "uri":"cce_10_0439.html", "node_id":"cce_10_0439.xml", "product_code":"cce", - "code":"79", - "des":"Check whether nodes need to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before performing", + "code":"82", + "des":"Check whether nodes need to be migrated.This issue is caused by either an error in the node's package pull component or the absence of key system components on the node, ", "doc_type":"usermanual2", "kw":"Residual Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1441,8 +1495,8 @@ "uri":"cce_10_0440.html", "node_id":"cce_10_0440.xml", "product_code":"cce", - "code":"80", - "des":"Check whether there are discarded resources in the clusters.Scenario: The Service in the clusters of v1.25 or later has discarded annotation: tolerate-unready-endpoints.E", + "code":"83", + "des":"Check whether there are discarded resources in the clusters.Scenario 1: The Service in the clusters of v1.25 or later has discarded annotation tolerate-unready-endpoints.", "doc_type":"usermanual2", "kw":"Discarded Kubernetes Resources,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1459,7 +1513,7 @@ "uri":"cce_10_0441.html", "node_id":"cce_10_0441.xml", "product_code":"cce", - "code":"81", + "code":"84", "des":"Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.", "doc_type":"usermanual2", "kw":"Compatibility Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1477,7 +1531,7 @@ "uri":"cce_10_0442.html", "node_id":"cce_10_0442.xml", "product_code":"cce", - "code":"82", + "code":"85", "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", "doc_type":"usermanual2", "kw":"CCE Agent Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1495,8 +1549,8 @@ "uri":"cce_10_0443.html", "node_id":"cce_10_0443.xml", "product_code":"cce", - "code":"83", - "des":"Check whether the CPU usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pod", + "code":"86", + "des":"Check whether the node's CPU usage is above 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pods to", "doc_type":"usermanual2", "kw":"Node CPU Usage,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1513,7 +1567,7 @@ "uri":"cce_10_0444.html", "node_id":"cce_10_0444.xml", "product_code":"cce", - "code":"84", + "code":"87", "des":"Check the following items:Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.Check whether the cluster key CRD network-attachment-definiti", "doc_type":"usermanual2", "kw":"CRDs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1531,7 +1585,7 @@ "uri":"cce_10_0445.html", "node_id":"cce_10_0445.xml", "product_code":"cce", - "code":"85", + "code":"88", "des":"Check the following items:Check whether the key data disks on the node meet the upgrade requirements.Check whether the /tmp directory has 500 MB available space.During th", "doc_type":"usermanual2", "kw":"Node Disks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1549,7 +1603,7 @@ "uri":"cce_10_0446.html", "node_id":"cce_10_0446.xml", "product_code":"cce", - "code":"86", + "code":"89", "des":"Check the following items:Check whether the DNS configuration of the current node can resolve the OBS address.Check whether the current node can access the OBS address of", "doc_type":"usermanual2", "kw":"Node DNS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1567,7 +1621,7 @@ "uri":"cce_10_0447.html", "node_id":"cce_10_0447.xml", "product_code":"cce", - "code":"87", + "code":"90", "des":"Check whether the owner and owner group of the files in the /var/paas directory used by the CCE are both paas.Scenario 1: The error message \"xx file permission has been c", "doc_type":"usermanual2", "kw":"Node Key Directory File Permissions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1585,7 +1639,7 @@ "uri":"cce_10_0448.html", "node_id":"cce_10_0448.xml", "product_code":"cce", - "code":"88", + "code":"91", "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", "doc_type":"usermanual2", "kw":"kubelet,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1603,8 +1657,8 @@ "uri":"cce_10_0449.html", "node_id":"cce_10_0449.xml", "product_code":"cce", - "code":"89", - "des":"Check whether the memory usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule ", + "code":"92", + "des":"Check whether the node's memory usage is above 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pods", "doc_type":"usermanual2", "kw":"Node Memory,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1621,7 +1675,7 @@ "uri":"cce_10_0450.html", "node_id":"cce_10_0450.xml", "product_code":"cce", - "code":"90", + "code":"93", "des":"Check whether the clock synchronization server ntpd or chronyd of the node is running properly.Scenario 1: ntpd is running abnormally.Log in to the node and run the syste", "doc_type":"usermanual2", "kw":"Node Clock Synchronization Server,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1639,7 +1693,7 @@ "uri":"cce_10_0451.html", "node_id":"cce_10_0451.xml", "product_code":"cce", - "code":"91", + "code":"94", "des":"Check whether the OS kernel version of the node is supported by CCE.Case 1: The node image is not a standard CCE image.CCE nodes run depending on the initial standard ker", "doc_type":"usermanual2", "kw":"Node OS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1657,7 +1711,7 @@ "uri":"cce_10_0452.html", "node_id":"cce_10_0452.xml", "product_code":"cce", - "code":"92", + "code":"95", "des":"Check and make sure that the master nodes in your cluster have more than 2 CPU cores.The number of CPU cores on the master nodes is 2, which may lead to a cluster upgrade", "doc_type":"usermanual2", "kw":"Node CPU Cores,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1675,8 +1729,8 @@ "uri":"cce_10_0453.html", "node_id":"cce_10_0453.xml", "product_code":"cce", - "code":"93", - "des":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Install Python before the upgrade.", + "code":"96", + "des":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Reset the node or manually install Python before attempting the ", "doc_type":"usermanual2", "kw":"Node Python Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1693,7 +1747,7 @@ "uri":"cce_10_0455.html", "node_id":"cce_10_0455.xml", "product_code":"cce", - "code":"94", + "code":"97", "des":"Check whether the nodes in the cluster are ready.Scenario 1: The nodes are in the unavailable status.Log in to the CCE console and click the cluster name to access the cl", "doc_type":"usermanual2", "kw":"Node Readiness,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1711,7 +1765,7 @@ "uri":"cce_10_0456.html", "node_id":"cce_10_0456.xml", "product_code":"cce", - "code":"95", + "code":"98", "des":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the co", "doc_type":"usermanual2", "kw":"Node journald,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1729,8 +1783,8 @@ "uri":"cce_10_0457.html", "node_id":"cce_10_0457.xml", "product_code":"cce", - "code":"96", - "des":"Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the", + "code":"99", + "des":"Check whether the containerd.sock file is on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the cus", "doc_type":"usermanual2", "kw":"containerd.sock,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1747,7 +1801,7 @@ "uri":"cce_10_0458.html", "node_id":"cce_10_0458.xml", "product_code":"cce", - "code":"97", + "code":"100", "des":"This check item is not typical and implies that an internal error was found during the pre-upgrade check.Perform the pre-upgrade check again.If it fails again, submit a s", "doc_type":"usermanual2", "kw":"Internal Error,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1765,8 +1819,8 @@ "uri":"cce_10_0459.html", "node_id":"cce_10_0459.xml", "product_code":"cce", - "code":"98", - "des":"Check whether inaccessible mount points exist on the node.Scenario: There are inaccessible mount points on the node.If NFS (such as obsfs or SFS) is used by the node and ", + "code":"101", + "des":"Check whether there are inaccessible mount points on the node.Scenario: There are inaccessible mount points on the node.If NFS (such as obsfs or SFS) is used by the node ", "doc_type":"usermanual2", "kw":"Node Mount Points,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -1783,7 +1837,7 @@ "uri":"cce_10_0460.html", "node_id":"cce_10_0460.xml", "product_code":"cce", - "code":"99", + "code":"102", "des":"Check whether the taint needed for cluster upgrade exists on the node.Scenario 1: The node is skipped during the cluster upgrade.If the version of the node is different f", "doc_type":"usermanual2", "kw":"Kubernetes Node Taints,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1801,7 +1855,7 @@ "uri":"cce_10_0478.html", "node_id":"cce_10_0478.xml", "product_code":"cce", - "code":"100", + "code":"103", "des":"Check whether there are any compatibility restrictions on the current Everest add-on.There are compatibility restrictions on the current Everest add-on and it cannot be u", "doc_type":"usermanual2", "kw":"Everest Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1819,7 +1873,7 @@ "uri":"cce_10_0479.html", "node_id":"cce_10_0479.xml", "product_code":"cce", - "code":"101", + "code":"104", "des":"Check whether there are compatibility limitations between the current and target cce-controller-hpa add-on versions.There are compatibility limitations between the curren", "doc_type":"usermanual2", "kw":"cce-hpa-controller Limitations,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1837,7 +1891,7 @@ "uri":"cce_10_0480.html", "node_id":"cce_10_0480.xml", "product_code":"cce", - "code":"102", + "code":"105", "des":"Check whether the current cluster version and the target version support enhanced CPU policy.Scenario: Only the current cluster version supports the enhanced CPU policy f", "doc_type":"usermanual2", "kw":"Enhanced CPU Policies,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1855,7 +1909,7 @@ "uri":"cce_10_0484.html", "node_id":"cce_10_0484.xml", "product_code":"cce", - "code":"103", + "code":"106", "des":"Check whether the container runtime and network components on the worker nodes are healthy.Issue 1: CNI Agent is not active.If your cluster version is earlier than v1.17.", "doc_type":"usermanual2", "kw":"Health of Worker Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1873,7 +1927,7 @@ "uri":"cce_10_0485.html", "node_id":"cce_10_0485.xml", "product_code":"cce", - "code":"104", + "code":"107", "des":"Check whether cluster components such as the Kubernetes component, container runtime component, and network component are running properly before the upgrade.Perform the ", "doc_type":"usermanual2", "kw":"Health of Master Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1891,7 +1945,7 @@ "uri":"cce_10_0486.html", "node_id":"cce_10_0486.xml", "product_code":"cce", - "code":"105", + "code":"108", "des":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reduce Kubernetes resources that are ne", "doc_type":"usermanual2", "kw":"Memory Resource Limit of Kubernetes Components,Troubleshooting for Pre-upgrade Check Exceptions,User", @@ -1909,7 +1963,7 @@ "uri":"cce_10_0487.html", "node_id":"cce_10_0487.xml", "product_code":"cce", - "code":"106", + "code":"109", "des":"The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.Due to the limited time range of audi", "doc_type":"usermanual2", "kw":"Discarded Kubernetes APIs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1927,7 +1981,7 @@ "uri":"cce_10_0488.html", "node_id":"cce_10_0488.xml", "product_code":"cce", - "code":"107", + "code":"110", "des":"If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.CCE Turbo clusters support IPv6 since v1.23. This feature is available ", "doc_type":"usermanual2", "kw":"IPv6 Support in CCE Turbo Clusters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1945,7 +1999,7 @@ "uri":"cce_10_0489.html", "node_id":"cce_10_0489.xml", "product_code":"cce", - "code":"108", + "code":"111", "des":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager.", "doc_type":"usermanual2", "kw":"NetworkManager,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1963,7 +2017,7 @@ "uri":"cce_10_0490.html", "node_id":"cce_10_0490.xml", "product_code":"cce", - "code":"109", + "code":"112", "des":"Check the ID file format.", "doc_type":"usermanual2", "kw":"Node ID File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1981,7 +2035,7 @@ "uri":"cce_10_0491.html", "node_id":"cce_10_0491.xml", "product_code":"cce", - "code":"110", + "code":"113", "des":"When you upgrade a cluster to v1.19 or later, the system checks whether the following configuration files have been modified on the backend:/opt/cloud/cce/kubernetes/kube", "doc_type":"usermanual2", "kw":"Node Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -1999,8 +2053,8 @@ "uri":"cce_10_0492.html", "node_id":"cce_10_0492.xml", "product_code":"cce", - "code":"111", - "des":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Contact technical support to restore the confi", + "code":"114", + "des":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Reset the node. For details, see Resetting a N", "doc_type":"usermanual2", "kw":"Node Configuration File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", "search_title":"", @@ -2017,7 +2071,7 @@ "uri":"cce_10_0493.html", "node_id":"cce_10_0493.xml", "product_code":"cce", - "code":"112", + "code":"115", "des":"Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affec", "doc_type":"usermanual2", "kw":"CoreDNS Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2035,7 +2089,7 @@ "uri":"cce_10_0494.html", "node_id":"cce_10_0494.xml", "product_code":"cce", - "code":"113", + "code":"116", "des":"Check whether the sudo commands and sudo-related files of the node are working.Scenario 1: The sudo command fails to be executed.During the in-place cluster upgrade, the ", "doc_type":"usermanual2", "kw":"sudo,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2053,7 +2107,7 @@ "uri":"cce_10_0495.html", "node_id":"cce_10_0495.xml", "product_code":"cce", - "code":"114", + "code":"117", "des":"Whether some key commands that the node upgrade depends on are workingScenario 1: Executing the package manager command failed.Executing the rpm or dpkg command failed. I", "doc_type":"usermanual2", "kw":"Key Node Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2071,7 +2125,7 @@ "uri":"cce_10_0496.html", "node_id":"cce_10_0496.xml", "product_code":"cce", - "code":"115", + "code":"118", "des":"Check whether the docker/containerd.sock file is directly mounted to the pods on a node. During an upgrade, Docker or containerd restarts and the sock file on the host ch", "doc_type":"usermanual2", "kw":"Mounting of a Sock File on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2089,7 +2143,7 @@ "uri":"cce_10_0497.html", "node_id":"cce_10_0497.xml", "product_code":"cce", - "code":"116", + "code":"119", "des":"Check whether the certificate used by an HTTPS load balancer has been modified on ELB.The certificate referenced by an HTTPS ingress created on CCE is modified on the ELB", "doc_type":"usermanual2", "kw":"HTTPS Load Balancer Certificate Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Gu", @@ -2107,7 +2161,7 @@ "uri":"cce_10_0498.html", "node_id":"cce_10_0498.xml", "product_code":"cce", - "code":"117", + "code":"120", "des":"Check whether the default mount directory and soft link on the node have been manually mounted or modified.Non-shared diskBy default, /var/lib/docker, containerd, or /mnt", "doc_type":"usermanual2", "kw":"Node Mounting,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2125,7 +2179,7 @@ "uri":"cce_10_0499.html", "node_id":"cce_10_0499.xml", "product_code":"cce", - "code":"118", + "code":"121", "des":"Check whether user paas is allowed to log in to a node.Run the following command to check whether user paas is allowed to log in to a node:If the permissions assigned to ", "doc_type":"usermanual2", "kw":"Login Permissions of User paas on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2143,7 +2197,7 @@ "uri":"cce_10_0500.html", "node_id":"cce_10_0500.xml", "product_code":"cce", - "code":"119", + "code":"122", "des":"Check whether the load balancer associated with a Service is allocated with a private IPv4 address.Solution 1: Delete the Service that is associated with a load balancer ", "doc_type":"usermanual2", "kw":"Private IPv4 Addresses of Load Balancers,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2161,7 +2215,7 @@ "uri":"cce_10_0501.html", "node_id":"cce_10_0501.xml", "product_code":"cce", - "code":"120", + "code":"123", "des":"Check the historical upgrade records of the cluster and confirm that the current version of the cluster meets the requirements for upgrading to the target version.Upgradi", "doc_type":"usermanual2", "kw":"Historical Upgrade Records,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2179,7 +2233,7 @@ "uri":"cce_10_0502.html", "node_id":"cce_10_0502.xml", "product_code":"cce", - "code":"121", + "code":"124", "des":"Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.The CIDR block of the management plane has been modifi", "doc_type":"usermanual2", "kw":"CIDR Block of the Cluster Management Plane,Troubleshooting for Pre-upgrade Check Exceptions,User Gui", @@ -2197,7 +2251,7 @@ "uri":"cce_10_0503.html", "node_id":"cce_10_0503.xml", "product_code":"cce", - "code":"122", + "code":"125", "des":"The GPU add-on is involved in the upgrade, which may affect the GPU driver installation during the creation of a GPU node.The GPU add-on driver needs to be configured by ", "doc_type":"usermanual2", "kw":"GPU Add-on,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2215,7 +2269,7 @@ "uri":"cce_10_0504.html", "node_id":"cce_10_0504.xml", "product_code":"cce", - "code":"123", + "code":"126", "des":"Check whether the default system parameter settings on your nodes are modified.If the MTU value of the bond0 network on your BMS node is not the default value 1500, this ", "doc_type":"usermanual2", "kw":"Nodes' System Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2233,7 +2287,7 @@ "uri":"cce_10_0505.html", "node_id":"cce_10_0505.xml", "product_code":"cce", - "code":"124", + "code":"127", "des":"Check whether there are residual package version data in the current cluster.A message is displayed indicating that there are residual 10.12.1.109 CRD resources in your c", "doc_type":"usermanual2", "kw":"Residual Package Version Data,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2251,7 +2305,7 @@ "uri":"cce_10_0506.html", "node_id":"cce_10_0506.xml", "product_code":"cce", - "code":"125", + "code":"128", "des":"Check whether the commands required for the upgrade are available on the node.The cluster upgrade failure is typically caused by the lack of key node commands that are re", "doc_type":"usermanual2", "kw":"Node Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2269,7 +2323,7 @@ "uri":"cce_10_0507.html", "node_id":"cce_10_0507.xml", "product_code":"cce", - "code":"126", + "code":"129", "des":"Check whether swap has been enabled on CCE nodes.By default, swap is disabled on CCE nodes. Check the necessity of enabling swap manually and determine the impact of disa", "doc_type":"usermanual2", "kw":"Node Swap,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2287,7 +2341,7 @@ "uri":"cce_10_0508.html", "node_id":"cce_10_0508.xml", "product_code":"cce", - "code":"127", + "code":"130", "des":"Check item 1: Check whether there is an Nginx Ingress route whose ingress type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) in the cl", "doc_type":"usermanual2", "kw":"nginx-ingress Upgrade,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2305,7 +2359,7 @@ "uri":"cce_10_0510.html", "node_id":"cce_10_0510.xml", "product_code":"cce", - "code":"128", + "code":"131", "des":"Check whether the service pods running on a containerd node are restarted when containerd is upgraded.containerd on your node may need to be restarted. To minimize the im", "doc_type":"usermanual2", "kw":"containerd Pod Restart Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2323,7 +2377,7 @@ "uri":"cce_10_0511.html", "node_id":"cce_10_0511.xml", "product_code":"cce", - "code":"129", + "code":"132", "des":"Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.", "doc_type":"usermanual2", "kw":"Key GPU Add-on Parameters,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2341,7 +2395,7 @@ "uri":"cce_10_0512.html", "node_id":"cce_10_0512.xml", "product_code":"cce", - "code":"130", + "code":"133", "des":"Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.Upgrade the cluster when the impact on services is con", "doc_type":"usermanual2", "kw":"GPU Pod Rebuild Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2359,7 +2413,7 @@ "uri":"cce_10_0513.html", "node_id":"cce_10_0513.xml", "product_code":"cce", - "code":"131", + "code":"134", "des":"Check whether ELB listener access control has been configured for the Services in the current cluster using annotations.If so, check whether their configurations are corr", "doc_type":"usermanual2", "kw":"ELB Listener Access Control,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2377,7 +2431,7 @@ "uri":"cce_10_0514.html", "node_id":"cce_10_0514.xml", "product_code":"cce", - "code":"132", + "code":"135", "des":"Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.This issue is typically caused by modifications made to the ma", "doc_type":"usermanual2", "kw":"Master Node Flavor,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2395,7 +2449,7 @@ "uri":"cce_10_0515.html", "node_id":"cce_10_0515.xml", "product_code":"cce", - "code":"133", + "code":"136", "des":"Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.Rolling upgrade is not supported if there are not enough IP addresses in", "doc_type":"usermanual2", "kw":"Subnet Quota of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2413,7 +2467,7 @@ "uri":"cce_10_0516.html", "node_id":"cce_10_0516.xml", "product_code":"cce", - "code":"134", + "code":"137", "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If your node's runtime is not ", "doc_type":"usermanual2", "kw":"Node Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2431,7 +2485,7 @@ "uri":"cce_10_0517.html", "node_id":"cce_10_0517.xml", "product_code":"cce", - "code":"135", + "code":"138", "des":"Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.If your node pool's runtime is", "doc_type":"usermanual2", "kw":"Node Pool Runtime,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2449,7 +2503,7 @@ "uri":"cce_10_0518.html", "node_id":"cce_10_0518.xml", "product_code":"cce", - "code":"136", + "code":"139", "des":"Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions ", "doc_type":"usermanual2", "kw":"Number of Node Images,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", @@ -2463,11 +2517,137 @@ "title":"Number of Node Images", "githuburl":"" }, + { + "uri":"cce_10_0520.html", + "node_id":"cce_10_0520.xml", + "product_code":"cce", + "code":"140", + "des":"Check whether the target version supports secret encryption. If it does not, clusters that have this feature enabled cannot be upgraded to the target version.Secret encry", + "doc_type":"usermanual2", + "kw":"Compatibility Check of Secret Encryption,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Compatibility Check of Secret Encryption", + "githuburl":"" + }, + { + "uri":"cce_10_0521.html", + "node_id":"cce_10_0521.xml", + "product_code":"cce", + "code":"141", + "des":"Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on mus", + "doc_type":"usermanual2", + "kw":"Compatibility Between the Ubuntu Kernel and GPU Driver,Troubleshooting for Pre-upgrade Check Excepti", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Compatibility Between the Ubuntu Kernel and GPU Driver", + "githuburl":"" + }, + { + "uri":"cce_10_0522.html", + "node_id":"cce_10_0522.xml", + "product_code":"cce", + "code":"142", + "des":"An unfinished drainage task is detected in the cluster, which may resume after the upgrade. If this happens, running pods will be evicted, which could impact your service", + "doc_type":"usermanual2", + "kw":"Drainage Tasks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Drainage Tasks", + "githuburl":"" + }, + { + "uri":"cce_10_0523.html", + "node_id":"cce_10_0523.xml", + "product_code":"cce", + "code":"143", + "des":"Check the number of image layers on your node. If there are more than 5000 layers, it will take a long time for Docker or containerd to start, affecting the stdout of Doc", + "doc_type":"usermanual2", + "kw":"Image Layers on a Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Image Layers on a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0524.html", + "node_id":"cce_10_0524.xml", + "product_code":"cce", + "code":"144", + "des":"Check whether your cluster is eligible for a rolling upgrade. The result shows that the rolling upgrade is not supported.Rolling upgrades cannot be performed if the tenan", + "doc_type":"usermanual2", + "kw":"Cluster Rolling Upgrade,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Cluster Rolling Upgrade", + "githuburl":"" + }, + { + "uri":"cce_10_0525.html", + "node_id":"cce_10_0525.xml", + "product_code":"cce", + "code":"145", + "des":"Check whether the number of certificates on your node is greater than 1000. During an upgrade, certificate files will be processed in batches. An excessive number of cert", + "doc_type":"usermanual2", + "kw":"Rotation Certificates,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Rotation Certificates", + "githuburl":"" + }, + { + "uri":"cce_10_0526.html", + "node_id":"cce_10_0526.xml", + "product_code":"cce", + "code":"146", + "des":"Check whether any modifications have been made to the listener, forwarding policy, forwarding rule, backend cloud server group, backend cloud server, or certificate confi", + "doc_type":"usermanual2", + "kw":"Ingress and ELB Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guid", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Ingress and ELB Configuration Consistency", + "githuburl":"" + }, { "uri":"cce_10_0183.html", "node_id":"cce_10_0183.xml", "product_code":"cce", - "code":"137", + "code":"147", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Nodes", @@ -2485,7 +2665,7 @@ "uri":"cce_10_0180.html", "node_id":"cce_10_0180.xml", "product_code":"cce", - "code":"138", + "code":"148", "des":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", "doc_type":"usermanual2", "kw":"paas,user group,Node Overview,Nodes,User Guide", @@ -2503,7 +2683,7 @@ "uri":"cce_10_0462.html", "node_id":"cce_10_0462.xml", "product_code":"cce", - "code":"139", + "code":"149", "des":"Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime throu", "doc_type":"usermanual2", "kw":"Container Engines,Nodes,User Guide", @@ -2521,7 +2701,7 @@ "uri":"cce_10_0476.html", "node_id":"cce_10_0476.xml", "product_code":"cce", - "code":"140", + "code":"150", "des":"This section describes the mappings between released cluster versions and OS versions.", "doc_type":"usermanual2", "kw":"Node OSs,Nodes,User Guide", @@ -2539,7 +2719,7 @@ "uri":"cce_10_0363.html", "node_id":"cce_10_0363.xml", "product_code":"cce", - "code":"141", + "code":"151", "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The DNS configuration of a subnet where a node is loc", "doc_type":"usermanual2", "kw":"Creating a Node,Nodes,User Guide", @@ -2557,7 +2737,7 @@ "uri":"cce_10_0198.html", "node_id":"cce_10_0198.xml", "product_code":"cce", - "code":"142", + "code":"152", "des":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs) to your cluster for management.When accepting an ECS, you can reset the ECS OS to a standard ", "doc_type":"usermanual2", "kw":"Accepting Nodes for Management,Nodes,User Guide", @@ -2575,8 +2755,8 @@ "uri":"cce_10_0185.html", "node_id":"cce_10_0185.xml", "product_code":"cce", - "code":"143", - "des":"If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).Only login to a running ECS is allowed.Only the user linux can l", + "code":"153", + "des":"Before you log in to a node using SSH, ensure that the SSH port (22 by default) is enabled in the security group of the node.Before you log in to a node (an ECS) using SS", "doc_type":"usermanual2", "kw":"Logging In to a Node,Nodes,User Guide", "search_title":"", @@ -2593,7 +2773,7 @@ "uri":"cce_10_0672.html", "node_id":"cce_10_0672.xml", "product_code":"cce", - "code":"144", + "code":"154", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"node labels", @@ -2611,7 +2791,7 @@ "uri":"cce_10_0004.html", "node_id":"cce_10_0004.xml", "product_code":"cce", - "code":"145", + "code":"155", "des":"You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.", "doc_type":"usermanual2", "kw":"node labels,Inherent Label of a Node,Managing Node Labels,Management Nodes,User Guide", @@ -2629,7 +2809,7 @@ "uri":"cce_10_0352.html", "node_id":"cce_10_0352.xml", "product_code":"cce", - "code":"146", + "code":"156", "des":"Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.On the CCE console, you can also batch manage nodes' taints.Enter the k", "doc_type":"usermanual2", "kw":"NoSchedule,PreferNoSchedule,NoExecute,System Taints,Managing Node Taints,Management Nodes,User Guide", @@ -2647,7 +2827,7 @@ "uri":"cce_10_0003.html", "node_id":"cce_10_0003.xml", "product_code":"cce", - "code":"147", + "code":"157", "des":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", "doc_type":"usermanual2", "kw":"reset a node,Resetting a Node,Management Nodes,User Guide", @@ -2665,7 +2845,7 @@ "uri":"cce_10_0338.html", "node_id":"cce_10_0338.xml", "product_code":"cce", - "code":"148", + "code":"158", "des":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", "doc_type":"usermanual2", "kw":"Removing a Node,Management Nodes,User Guide", @@ -2683,7 +2863,7 @@ "uri":"cce_10_0184.html", "node_id":"cce_10_0184.xml", "product_code":"cce", - "code":"149", + "code":"159", "des":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifyi", "doc_type":"usermanual2", "kw":"synchronize the ECS,Synchronizing the Data of Cloud Servers,Management Nodes,User Guide", @@ -2701,7 +2881,7 @@ "uri":"cce_10_0605.html", "node_id":"cce_10_0605.xml", "product_code":"cce", - "code":"150", + "code":"160", "des":"After you enable nodal drainage on the console, CCE configures the node to be non-schedulable and securely evicts all pods that comply with Rules for Draining Nodes on th", "doc_type":"usermanual2", "kw":"nodal drainage,nodal drainage,Draining a Node,Management Nodes,User Guide", @@ -2719,7 +2899,7 @@ "uri":"cce_10_0186.html", "node_id":"cce_10_0186.xml", "product_code":"cce", - "code":"151", + "code":"161", "des":"You can delete a pay-per-use node that is not needed from the node list.Deleting or unsubscribing from a node in a CCE cluster will release the node and services running ", "doc_type":"usermanual2", "kw":"Deleting a Node,Management Nodes,User Guide", @@ -2737,7 +2917,7 @@ "uri":"cce_10_0036.html", "node_id":"cce_10_0036.xml", "product_code":"cce", - "code":"152", + "code":"162", "des":"When a node in the cluster is stopped, all services on that node will also be stopped, and the node will no longer be available for scheduling. Check if your services wil", "doc_type":"usermanual2", "kw":"Stopping a Node,Management Nodes,User Guide", @@ -2755,7 +2935,7 @@ "uri":"cce_10_0276.html", "node_id":"cce_10_0276.xml", "product_code":"cce", - "code":"153", + "code":"163", "des":"In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.The o", "doc_type":"usermanual2", "kw":"Performing Rolling Upgrade for Nodes,Management Nodes,User Guide", @@ -2773,7 +2953,7 @@ "uri":"cce_10_0704.html", "node_id":"cce_10_0704.xml", "product_code":"cce", - "code":"154", + "code":"164", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node O&M", @@ -2791,7 +2971,7 @@ "uri":"cce_10_0178.html", "node_id":"cce_10_0178.xml", "product_code":"cce", - "code":"155", + "code":"165", "des":"Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node res", "doc_type":"usermanual2", "kw":"total number of node resources,Node Resource Reservation Policy,Node O&M,User Guide", @@ -2809,10 +2989,10 @@ "uri":"cce_10_0341.html", "node_id":"cce_10_0341.xml", "product_code":"cce", - "code":"156", - "des":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.When creating a node, configure data disks for t", + "code":"166", + "des":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.In clusters of a version earlier than v1.23.18-r", "doc_type":"usermanual2", - "kw":"data disk space allocation,Container engine and container image space,container engine and container", + "kw":"Data Disk Space Allocation,Container engine and container image space,container engine and container", "search_title":"", "metedata":[ { @@ -2820,17 +3000,17 @@ "documenttype":"usermanual" } ], - "title":"Data Disk Space Allocation", + "title":"Space Allocation of a Data Disk", "githuburl":"" }, { "uri":"cce_10_0348.html", "node_id":"cce_10_0348.xml", "product_code":"cce", - "code":"157", - "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:When creating a cluster using a VPC network, you need to configure the nu", + "code":"167", + "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:When creating a cluster in the VPC network model, specify the number of c", "doc_type":"usermanual2", - "kw":"Maximum Number of Pods on a Node,maximum number of pods,Maximum Number of Pods That Can Be Created o", + "kw":"Maximum Number of Pods on a Node,alpha.cce/fixPoolMask,maximum number of pods,Maximum Number of Pods", "search_title":"", "metedata":[ { @@ -2845,10 +3025,10 @@ "uri":"cce_10_0883.html", "node_id":"cce_10_0883.xml", "product_code":"cce", - "code":"158", + "code":"168", "des":"To maintain the stability of nodes, CCE stores Kubernetes and container runtime components on separate data disks. Kubernetes uses the /mnt/paas/kubernetes directory, and", "doc_type":"usermanual2", - "kw":"Differences Between CCE Node mountPath Configurations and Community Native Configurations,Node O&M,U", + "kw":"Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community,Nod", "search_title":"", "metedata":[ { @@ -2856,14 +3036,14 @@ "documenttype":"usermanual" } ], - "title":"Differences Between CCE Node mountPath Configurations and Community Native Configurations", + "title":"Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community", "githuburl":"" }, { "uri":"cce_10_0601.html", "node_id":"cce_10_0601.xml", "product_code":"cce", - "code":"159", + "code":"169", "des":"Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Do", "doc_type":"usermanual2", "kw":"Migrating Nodes from Docker to containerd,Node O&M,User Guide", @@ -2881,7 +3061,7 @@ "uri":"cce_10_0659.html", "node_id":"cce_10_0659.xml", "product_code":"cce", - "code":"160", + "code":"170", "des":"The node fault detection function depends on the NPD add-on. The add-on instances run on nodes and monitor nodes. This section describes how to enable node fault detectio", "doc_type":"usermanual2", "kw":"Node Fault Detection,Check Items,Configuring Node Fault Detection Policies,Node O&M,User Guide", @@ -2895,11 +3075,29 @@ "title":"Configuring Node Fault Detection Policies", "githuburl":"" }, + { + "uri":"cce_bestpractice_10020_0.html", + "node_id":"cce_bestpractice_10020_0.xml", + "product_code":"cce", + "code":"171", + "des":"When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correct", + "doc_type":"usermanual2", + "kw":"Executing the Pre- or Post-installation Commands During Node Creation,Node O&M,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Executing the Pre- or Post-installation Commands During Node Creation", + "githuburl":"" + }, { "uri":"cce_10_0035.html", "node_id":"cce_10_0035.xml", "product_code":"cce", - "code":"161", + "code":"172", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node Pools", @@ -2917,7 +3115,7 @@ "uri":"cce_10_0081.html", "node_id":"cce_10_0081.xml", "product_code":"cce", - "code":"162", + "code":"173", "des":"CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a clus", "doc_type":"usermanual2", "kw":"DefaultPool,DefaultPool,Deploying a Workload in a Specified Node Pool,Node Pool Overview,Node Pools,", @@ -2935,7 +3133,7 @@ "uri":"cce_10_0012.html", "node_id":"cce_10_0012.xml", "product_code":"cce", - "code":"163", + "code":"174", "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.Basic SettingsCo", "doc_type":"usermanual2", "kw":"Creating a Node Pool,Node Pools,User Guide", @@ -2953,7 +3151,7 @@ "uri":"cce_10_0658.html", "node_id":"cce_10_0658.xml", "product_code":"cce", - "code":"164", + "code":"175", "des":"You can specify a specification in a node pool for scaling.The default node pool does not support scaling. Use Creating a Node to add a node.Add or reduce nodes for scali", "doc_type":"usermanual2", "kw":"Scaling a Node Pool,Node Pools,User Guide", @@ -2971,7 +3169,7 @@ "uri":"cce_10_0222.html", "node_id":"cce_10_0222.xml", "product_code":"cce", - "code":"165", + "code":"176", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Node Pool", @@ -2989,10 +3187,10 @@ "uri":"cce_10_0653.html", "node_id":"cce_10_0653.xml", "product_code":"cce", - "code":"166", + "code":"177", "des":"Changes to the container engine, OS, or pre-/post-installation script in a node pool take effect only on new nodes. To synchronize the modification onto existing nodes, m", "doc_type":"usermanual2", - "kw":"Updating a Node Pool,Managing a Node Pool,User Guide", + "kw":"base size,Updating a Node Pool,Managing a Node Pool,User Guide", "search_title":"", "metedata":[ { @@ -3007,7 +3205,7 @@ "uri":"cce_10_0727.html", "node_id":"cce_10_0727.xml", "product_code":"cce", - "code":"167", + "code":"178", "des":"Auto Scaling (AS) enables elastic scaling of nodes in a node pool based on scaling policies. Without this function, you have to manually adjust the number of nodes in a n", "doc_type":"usermanual2", "kw":"Updating an AS Configuration,Managing a Node Pool,User Guide", @@ -3025,7 +3223,7 @@ "uri":"cce_10_0652.html", "node_id":"cce_10_0652.xml", "product_code":"cce", - "code":"168", + "code":"179", "des":"The default node pool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components in a cluste", "doc_type":"usermanual2", "kw":"Modifying Node Pool Configurations,Managing a Node Pool,User Guide", @@ -3043,7 +3241,7 @@ "uri":"cce_10_0886.html", "node_id":"cce_10_0886.xml", "product_code":"cce", - "code":"169", + "code":"180", "des":"If you want to add a newly created ECS to a node pool in a cluster, or remove a node from a node pool and add it to the node pool again, accept the node.When an ECS is ac", "doc_type":"usermanual2", "kw":"Accepting Nodes in a Node Pool,Managing a Node Pool,User Guide", @@ -3061,7 +3259,7 @@ "uri":"cce_10_0655.html", "node_id":"cce_10_0655.xml", "product_code":"cce", - "code":"170", + "code":"181", "des":"You can copy the configuration of an existing node pool on the CCE console to create new node pools.", "doc_type":"usermanual2", "kw":"Copying a Node Pool,Managing a Node Pool,User Guide", @@ -3079,7 +3277,7 @@ "uri":"cce_10_0654.html", "node_id":"cce_10_0654.xml", "product_code":"cce", - "code":"171", + "code":"182", "des":"After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configuration", "doc_type":"usermanual2", "kw":"Synchronizing Node Pools,Managing a Node Pool,User Guide", @@ -3097,7 +3295,7 @@ "uri":"cce_10_0660.html", "node_id":"cce_10_0660.xml", "product_code":"cce", - "code":"172", + "code":"183", "des":"After CCE releases a new OS image, if existing nodes cannot be automatically upgraded, you can manually upgrade them in batches.This section describes how to upgrade an O", "doc_type":"usermanual2", "kw":"Upgrading an OS,Managing a Node Pool,User Guide", @@ -3115,8 +3313,8 @@ "uri":"cce_10_0656.html", "node_id":"cce_10_0656.xml", "product_code":"cce", - "code":"173", - "des":"Nodes in a node pool can be migrated to the default node pool. Nodes in the default node pool or a custom node pool cannot be migrated to other custom node pools.The migr", + "code":"184", + "des":"You can migrate nodes between node pools within a cluster. Table 1 lists migration scenarios.Migration scenariosMigration ScenarioMigrationOperationSource Node PoolTarget", "doc_type":"usermanual2", "kw":"Migrating a Node,Managing a Node Pool,User Guide", "search_title":"", @@ -3133,7 +3331,7 @@ "uri":"cce_10_0657.html", "node_id":"cce_10_0657.xml", "product_code":"cce", - "code":"174", + "code":"185", "des":"Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.Deleting a node pool will de", "doc_type":"usermanual2", "kw":"Deleting a Node Pool,Managing a Node Pool,User Guide", @@ -3151,10 +3349,10 @@ "uri":"cce_10_0046.html", "node_id":"cce_10_0046.xml", "product_code":"cce", - "code":"175", + "code":"186", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Deployments,StatefulSets,DaemonSets,jobs,cron jobs", + "kw":"Workloads", "search_title":"", "metedata":[ { @@ -3169,7 +3367,7 @@ "uri":"cce_10_0006.html", "node_id":"cce_10_0006.xml", "product_code":"cce", - "code":"176", + "code":"187", "des":"A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is ", "doc_type":"usermanual2", "kw":"Deployments,StatefulSets,DaemonSets,jobs,cron jobs,Overview,Workloads,User Guide", @@ -3187,7 +3385,7 @@ "uri":"cce_10_0673.html", "node_id":"cce_10_0673.xml", "product_code":"cce", - "code":"177", + "code":"188", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Creating a Workload", @@ -3205,7 +3403,7 @@ "uri":"cce_10_0047.html", "node_id":"cce_10_0047.xml", "product_code":"cce", - "code":"178", + "code":"189", "des":"Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.Before c", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a Deployment,Creating a Workload,User Guide", @@ -3223,7 +3421,7 @@ "uri":"cce_10_0048.html", "node_id":"cce_10_0048.xml", "product_code":"cce", - "code":"179", + "code":"190", "des":"StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.A conta", "doc_type":"usermanual2", "kw":"Using kubectl,Creating a StatefulSet,Creating a Workload,User Guide", @@ -3241,7 +3439,7 @@ "uri":"cce_10_0216.html", "node_id":"cce_10_0216.xml", "product_code":"cce", - "code":"180", + "code":"191", "des":"CCE provides deployment and management capabilities for multiple types of containers and supports features of container workloads, including creation, configuration, moni", "doc_type":"usermanual2", "kw":"create a workload using kubectl,Creating a DaemonSet,Creating a Workload,User Guide", @@ -3259,7 +3457,7 @@ "uri":"cce_10_0150.html", "node_id":"cce_10_0150.xml", "product_code":"cce", - "code":"181", + "code":"192", "des":"Jobs are short-lived and run for a certain time to completion. They can be executed immediately after being deployed. It is completed after it exits normally (exit 0).A j", "doc_type":"usermanual2", "kw":"Creating a Job,Creating a Workload,User Guide", @@ -3277,7 +3475,7 @@ "uri":"cce_10_0151.html", "node_id":"cce_10_0151.xml", "product_code":"cce", - "code":"182", + "code":"193", "des":"A cron job runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.A cron job runs periodically at the specified tim", "doc_type":"usermanual2", "kw":"time synchronization,Creating a Cron Job,Creating a Workload,User Guide", @@ -3295,7 +3493,7 @@ "uri":"cce_10_0130.html", "node_id":"cce_10_0130.xml", "product_code":"cce", - "code":"183", + "code":"194", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Configuring a Workload", @@ -3313,7 +3511,7 @@ "uri":"cce_10_0463.html", "node_id":"cce_10_0463.xml", "product_code":"cce", - "code":"184", + "code":"195", "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", "doc_type":"usermanual2", "kw":"Secure Runtime and Common Runtime,Configuring a Workload,User Guide", @@ -3331,7 +3529,7 @@ "uri":"cce_10_0354.html", "node_id":"cce_10_0354.xml", "product_code":"cce", - "code":"185", + "code":"196", "des":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", "doc_type":"usermanual2", "kw":"Configuring Time Zone Synchronization,Configuring a Workload,User Guide", @@ -3349,7 +3547,7 @@ "uri":"cce_10_0353.html", "node_id":"cce_10_0353.xml", "product_code":"cce", - "code":"186", + "code":"197", "des":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", "doc_type":"usermanual2", "kw":"Configuring an Image Pull Policy,Configuring a Workload,User Guide", @@ -3367,7 +3565,7 @@ "uri":"cce_10_0009.html", "node_id":"cce_10_0009.xml", "product_code":"cce", - "code":"187", + "code":"198", "des":"CCE allows you to create workloads using images pulled from third-party image repositories.Generally, a third-party image repository can be accessed only after authentica", "doc_type":"usermanual2", "kw":"Using Third-Party Images,Configuring a Workload,User Guide", @@ -3385,7 +3583,7 @@ "uri":"cce_10_0163.html", "node_id":"cce_10_0163.xml", "product_code":"cce", - "code":"188", + "code":"199", "des":"CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requi", "doc_type":"usermanual2", "kw":"ephemeral storage,Configuring Container Specifications,Configuring a Workload,User Guide", @@ -3403,7 +3601,7 @@ "uri":"cce_10_0105.html", "node_id":"cce_10_0105.xml", "product_code":"cce", - "code":"189", + "code":"200", "des":"CCE provides callback functions for the lifecycle management of containerized applications. For example, if you want a container to perform a certain operation before sto", "doc_type":"usermanual2", "kw":"Startup Command,Post-Start,Pre-Stop,Configuring Container Lifecycle Parameters,Configuring a Workloa", @@ -3421,7 +3619,7 @@ "uri":"cce_10_0112.html", "node_id":"cce_10_0112.xml", "product_code":"cce", - "code":"190", + "code":"201", "des":"Health check regularly checks the health status of containers during container running. If the health check function is not configured, a pod cannot detect application ex", "doc_type":"usermanual2", "kw":"Health check,HTTP request,TCP port,CLI,Configuring Container Health Check,Configuring a Workload,Use", @@ -3439,7 +3637,7 @@ "uri":"cce_10_0113.html", "node_id":"cce_10_0113.xml", "product_code":"cce", - "code":"191", + "code":"202", "des":"An environment variable is a variable whose value can affect the way a running container will behave. You can modify environment variables even after workloads are deploy", "doc_type":"usermanual2", "kw":"Configuring Environment Variables,Configuring a Workload,User Guide", @@ -3457,7 +3655,7 @@ "uri":"cce_10_0397.html", "node_id":"cce_10_0397.xml", "product_code":"cce", - "code":"192", + "code":"203", "des":"In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.You can set different upgrade polici", "doc_type":"usermanual2", "kw":"Configuring Workload Upgrade Policies,Configuring a Workload,User Guide", @@ -3471,29 +3669,11 @@ "title":"Configuring Workload Upgrade Policies", "githuburl":"" }, - { - "uri":"cce_10_0232.html", - "node_id":"cce_10_0232.xml", - "product_code":"cce", - "code":"193", - "des":"Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can de", - "doc_type":"usermanual2", - "kw":"Scheduling Policies (Affinity/Anti-affinity),Configuring a Workload,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual" - } - ], - "title":"Scheduling Policies (Affinity/Anti-affinity)", - "githuburl":"" - }, { "uri":"cce_10_0728.html", "node_id":"cce_10_0728.xml", "product_code":"cce", - "code":"194", + "code":"204", "des":"Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is co", "doc_type":"usermanual2", "kw":"Configuring Tolerance Policies,Configuring a Workload,User Guide", @@ -3511,7 +3691,7 @@ "uri":"cce_10_0386.html", "node_id":"cce_10_0386.xml", "product_code":"cce", - "code":"195", + "code":"205", "des":"CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.When you create a workl", "doc_type":"usermanual2", "kw":"Configuring Labels and Annotations,Configuring a Workload,User Guide", @@ -3525,12 +3705,102 @@ "title":"Configuring Labels and Annotations", "githuburl":"" }, + { + "uri":"cce_10_0889.html", + "node_id":"cce_10_0889.xml", + "product_code":"cce", + "code":"206", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Scheduling a Workload", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Scheduling a Workload", + "githuburl":"" + }, + { + "uri":"cce_10_0232.html", + "node_id":"cce_10_0232.xml", + "product_code":"cce", + "code":"207", + "des":"Kubernetes schedules workloads based on pods. After you create a workload, the scheduler automatically assigns pods. For example, the scheduler distributes pods to nodes ", + "doc_type":"usermanual2", + "kw":"Overview,Scheduling a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Overview", + "githuburl":"" + }, + { + "uri":"cce_10_0891.html", + "node_id":"cce_10_0891.xml", + "product_code":"cce", + "code":"208", + "des":"To select a node for scheduling in Kubernetes, simply configure the nodeSelector field in the workload. This field allows you to configure the label of the desired node t", + "doc_type":"usermanual2", + "kw":"Configuring Specified Node Scheduling (nodeSelector),Scheduling a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Configuring Specified Node Scheduling (nodeSelector)", + "githuburl":"" + }, + { + "uri":"cce_10_0892.html", + "node_id":"cce_10_0892.xml", + "product_code":"cce", + "code":"209", + "des":"Kubernetes can schedule workload pods to affinity nodes based on their labels and label values. For example, some nodes support GPU computing, and node affinity schedulin", + "doc_type":"usermanual2", + "kw":"Node Affinity,Specified Node Pool Scheduling,Configuring Node Affinity Scheduling (nodeAffinity),Sch", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Configuring Node Affinity Scheduling (nodeAffinity)", + "githuburl":"" + }, + { + "uri":"cce_10_0893.html", + "node_id":"cce_10_0893.xml", + "product_code":"cce", + "code":"210", + "des":"Kubernetes offers workload affinity and anti-affinity scheduling, which allows for flexible scheduling of new workloads on either related or unrelated nodes. This results", + "doc_type":"usermanual2", + "kw":"Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity),Schedulin", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)", + "githuburl":"" + }, { "uri":"cce_10_00356.html", "node_id":"cce_10_00356.xml", "product_code":"cce", - "code":"196", - "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.The example output is as follows:NAME ", + "code":"211", + "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.When using CloudShell to access a CCE cluster or container, you c", "doc_type":"usermanual2", "kw":"Logging In to a Container,Workloads,User Guide", "search_title":"", @@ -3547,8 +3817,8 @@ "uri":"cce_10_0007.html", "node_id":"cce_10_0007.xml", "product_code":"cce", - "code":"197", - "des":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", + "code":"212", + "des":"After a workload is created, you can upgrade, log, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMo", "doc_type":"usermanual2", "kw":"Managing Workloads,Workloads,User Guide", "search_title":"", @@ -3565,7 +3835,7 @@ "uri":"cce_10_0833.html", "node_id":"cce_10_0833.xml", "product_code":"cce", - "code":"198", + "code":"213", "des":"Custom Resource Definition (CRD) is an extension of Kubernetes APIs. When default Kubernetes resources cannot meet service requirements, you can use CRDs to define new re", "doc_type":"usermanual2", "kw":"Managing Custom Resources,Workloads,User Guide", @@ -3583,7 +3853,7 @@ "uri":"cce_10_0465.html", "node_id":"cce_10_0465.xml", "product_code":"cce", - "code":"199", + "code":"214", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Pod Security", @@ -3601,7 +3871,7 @@ "uri":"cce_10_0275.html", "node_id":"cce_10_0275.xml", "product_code":"cce", - "code":"200", + "code":"215", "des":"A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defi", "doc_type":"usermanual2", "kw":"Configuring a Pod Security Policy,Pod Security,User Guide", @@ -3619,7 +3889,7 @@ "uri":"cce_10_0466.html", "node_id":"cce_10_0466.xml", "product_code":"cce", - "code":"201", + "code":"216", "des":"Before using pod security admission, understand Kubernetes Pod Security Standards. These standards define different isolation levels for pods. They let you define how you", "doc_type":"usermanual2", "kw":"Configuring Pod Security Admission,Pod Security,User Guide", @@ -3637,7 +3907,7 @@ "uri":"cce_10_0674.html", "node_id":"cce_10_0674.xml", "product_code":"cce", - "code":"202", + "code":"217", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Scheduling", @@ -3655,7 +3925,7 @@ "uri":"cce_10_0702.html", "node_id":"cce_10_0702.xml", "product_code":"cce", - "code":"203", + "code":"218", "des":"CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describe", "doc_type":"usermanual2", "kw":"Overview,Scheduling,User Guide", @@ -3673,7 +3943,7 @@ "uri":"cce_10_0551.html", "node_id":"cce_10_0551.xml", "product_code":"cce", - "code":"204", + "code":"219", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"CPU Scheduling", @@ -3691,7 +3961,7 @@ "uri":"cce_10_0351.html", "node_id":"cce_10_0351.xml", "product_code":"cce", - "code":"205", + "code":"220", "des":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the", "doc_type":"usermanual2", "kw":"CPU Policy,CPU Scheduling,User Guide", @@ -3709,7 +3979,7 @@ "uri":"cce_10_0552.html", "node_id":"cce_10_0552.xml", "product_code":"cce", - "code":"206", + "code":"221", "des":"Kubernetes provides two CPU policies: none and static.none: The CPU policy is disabled by default, indicating the existing scheduling behavior.static: The static CPU core", "doc_type":"usermanual2", "kw":"Enhanced CPU Policy,CPU Scheduling,User Guide", @@ -3727,7 +3997,7 @@ "uri":"cce_10_0720.html", "node_id":"cce_10_0720.xml", "product_code":"cce", - "code":"207", + "code":"222", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"GPU Scheduling", @@ -3745,7 +4015,7 @@ "uri":"cce_10_0345.html", "node_id":"cce_10_0345.xml", "product_code":"cce", - "code":"208", + "code":"223", "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The CCE AI Suite (NVIDIA GPU) add-on has been installed. During the insta", "doc_type":"usermanual2", "kw":"Default GPU Scheduling in Kubernetes,GPU Scheduling,User Guide", @@ -3763,7 +4033,7 @@ "uri":"cce_10_0423.html", "node_id":"cce_10_0423.xml", "product_code":"cce", - "code":"209", + "code":"224", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Volcano Scheduling", @@ -3781,8 +4051,8 @@ "uri":"cce_10_0721.html", "node_id":"cce_10_0721.xml", "product_code":"cce", - "code":"210", - "des":"Volcano is a Kubernetes-based batch processing platform that supports machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provi", + "code":"225", + "des":"Volcano is a batch processing platform that runs on Kubernetes for machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides", "doc_type":"usermanual2", "kw":"Overview,Volcano Scheduling,User Guide", "search_title":"", @@ -3799,7 +4069,7 @@ "uri":"cce_10_0722.html", "node_id":"cce_10_0722.xml", "product_code":"cce", - "code":"211", + "code":"226", "des":"Volcano is a Kubernetes-based batch processing platform with high-performance general computing capabilities like task scheduling engine, heterogeneous chip management, a", "doc_type":"usermanual2", "kw":"Scheduling Workloads,Volcano Scheduling,User Guide", @@ -3817,7 +4087,7 @@ "uri":"cce_10_0768.html", "node_id":"cce_10_0768.xml", "product_code":"cce", - "code":"212", + "code":"227", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Resource Usage-based Scheduling", @@ -3835,7 +4105,7 @@ "uri":"cce_10_0773.html", "node_id":"cce_10_0773.xml", "product_code":"cce", - "code":"213", + "code":"228", "des":"Bin packing is an optimization algorithm that aims to properly allocate resources to each job and get the jobs done using the minimum amount of resources. After bin packi", "doc_type":"usermanual2", "kw":"Bin Packing,Resource Usage-based Scheduling,User Guide", @@ -3853,7 +4123,7 @@ "uri":"cce_10_0766.html", "node_id":"cce_10_0766.xml", "product_code":"cce", - "code":"214", + "code":"229", "des":"Scheduling in a cluster is the process of binding pending pods to nodes, and is performed by a component called kube-scheduler or Volcano Scheduler. The scheduler uses a ", "doc_type":"usermanual2", "kw":"Descheduling,Resource Usage-based Scheduling,User Guide", @@ -3871,7 +4141,7 @@ "uri":"cce_10_0767.html", "node_id":"cce_10_0767.xml", "product_code":"cce", - "code":"215", + "code":"230", "des":"In scenarios such as node pool replacement and rolling node upgrade, an old resource pool needs to be replaced with a new one. To prevent the node pool replacement from a", "doc_type":"usermanual2", "kw":"Node Pool Affinity,Resource Usage-based Scheduling,User Guide", @@ -3889,7 +4159,7 @@ "uri":"cce_10_0789.html", "node_id":"cce_10_0789.xml", "product_code":"cce", - "code":"216", + "code":"231", "des":"Volcano Scheduler offers CPU and memory load-aware scheduling for pods and preferentially schedules pods to the node with the lightest load to balance node loads. This pr", "doc_type":"usermanual2", "kw":"Load-aware Scheduling,Resource Usage-based Scheduling,User Guide", @@ -3907,7 +4177,7 @@ "uri":"cce_10_0813.html", "node_id":"cce_10_0813.xml", "product_code":"cce", - "code":"217", + "code":"232", "des":"Volcano scheduling involves node filtering and scoring, which is used to filter the nodes meeting scheduling conditions and score the filtered nodes to find the one with ", "doc_type":"usermanual2", "kw":"Configuration Cases for Resource Usage-based Scheduling,Resource Usage-based Scheduling,User Guide", @@ -3925,7 +4195,7 @@ "uri":"cce_10_0774.html", "node_id":"cce_10_0774.xml", "product_code":"cce", - "code":"218", + "code":"233", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Priority-based Scheduling", @@ -3943,7 +4213,7 @@ "uri":"cce_10_0775.html", "node_id":"cce_10_0775.xml", "product_code":"cce", - "code":"219", + "code":"234", "des":"A pod priority indicates the importance of a pod relative to other pods. Volcano supports pod PriorityClasses in Kubernetes. After PriorityClasses are configured, the sch", "doc_type":"usermanual2", "kw":"Priority-based Scheduling,Priority-based Scheduling,User Guide", @@ -3961,7 +4231,7 @@ "uri":"cce_10_0776.html", "node_id":"cce_10_0776.xml", "product_code":"cce", - "code":"220", + "code":"235", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"AI Performance-based Scheduling", @@ -3979,7 +4249,7 @@ "uri":"cce_10_0777.html", "node_id":"cce_10_0777.xml", "product_code":"cce", - "code":"221", + "code":"236", "des":"Dominant Resource Fairness (DRF) is a scheduling algorithm based on the dominant resource of a container group. DRF scheduling can be used to enhance the service throughp", "doc_type":"usermanual2", "kw":"DRF,AI Performance-based Scheduling,User Guide", @@ -3997,7 +4267,7 @@ "uri":"cce_10_0778.html", "node_id":"cce_10_0778.xml", "product_code":"cce", - "code":"222", + "code":"237", "des":"Gang scheduling is a scheduling algorithm that schedules correlated processes or threads to run simultaneously on different processors. It meets the scheduling requiremen", "doc_type":"usermanual2", "kw":"Gang,AI Performance-based Scheduling,User Guide", @@ -4015,8 +4285,8 @@ "uri":"cce_10_0425.html", "node_id":"cce_10_0425.xml", "product_code":"cce", - "code":"223", - "des":"When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduli", + "code":"238", + "des":"In non-uniform memory access (NUMA) architecture, a NUMA node is a fundamental component that includes a processor and local memory. These nodes are physically separate b", "doc_type":"usermanual2", "kw":"NUMA Affinity Scheduling,Volcano Scheduling,User Guide", "search_title":"", @@ -4033,7 +4303,7 @@ "uri":"cce_10_0709.html", "node_id":"cce_10_0709.xml", "product_code":"cce", - "code":"224", + "code":"239", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cloud Native Hybrid Deployment", @@ -4051,7 +4321,7 @@ "uri":"cce_10_0384.html", "node_id":"cce_10_0384.xml", "product_code":"cce", - "code":"225", + "code":"240", "des":"Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly an", "doc_type":"usermanual2", "kw":"Dynamic Resource Oversubscription,Cloud Native Hybrid Deployment,User Guide", @@ -4069,7 +4339,7 @@ "uri":"cce_10_0020.html", "node_id":"cce_10_0020.xml", "product_code":"cce", - "code":"226", + "code":"241", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Network", @@ -4087,7 +4357,7 @@ "uri":"cce_10_0010.html", "node_id":"cce_10_0010.xml", "product_code":"cce", - "code":"227", + "code":"242", "des":"You can learn about a cluster network from the following two aspects:What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are ru", "doc_type":"usermanual2", "kw":"Overview,Network,User Guide", @@ -4105,7 +4375,7 @@ "uri":"cce_10_0280.html", "node_id":"cce_10_0280.xml", "product_code":"cce", - "code":"228", + "code":"243", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Container Network", @@ -4123,7 +4393,7 @@ "uri":"cce_10_0281.html", "node_id":"cce_10_0281.xml", "product_code":"cce", - "code":"229", + "code":"244", "des":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Clo", "doc_type":"usermanual2", "kw":"Overview,Container Network,User Guide", @@ -4141,7 +4411,7 @@ "uri":"cce_10_0678.html", "node_id":"cce_10_0678.xml", "product_code":"cce", - "code":"230", + "code":"245", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cloud Native Network 2.0 Settings", @@ -4159,7 +4429,7 @@ "uri":"cce_10_0284.html", "node_id":"cce_10_0284.xml", "product_code":"cce", - "code":"231", + "code":"246", "des":"Cloud Native 2.0 network model is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network int", "doc_type":"usermanual2", "kw":"Cloud Native 2.0 Network Model,Cloud Native Network 2.0 Settings,User Guide", @@ -4177,10 +4447,10 @@ "uri":"cce_10_0906.html", "node_id":"cce_10_0906.xml", "product_code":"cce", - "code":"232", + "code":"247", "des":"If the pod subnet configured during CCE Turbo cluster creation cannot meet service expansion requirements, you can add a pod subnet for the cluster.This function is avail", "doc_type":"usermanual2", - "kw":"Adding a Pod Subnet for a Cluster,Cloud Native Network 2.0 Settings,User Guide", + "kw":"Configuring Pod Subnets of a Cluster,Cloud Native Network 2.0 Settings,User Guide", "search_title":"", "metedata":[ { @@ -4188,14 +4458,14 @@ "documenttype":"usermanual" } ], - "title":"Adding a Pod Subnet for a Cluster", + "title":"Configuring Pod Subnets of a Cluster", "githuburl":"" }, { "uri":"cce_10_0897.html", "node_id":"cce_10_0897.xml", "product_code":"cce", - "code":"233", + "code":"248", "des":"In Cloud Native 2.0 network mode, pods use ENIs or sub-ENIs of the VPC. You can configure a security group for a pod using a pod's annotation.Configure a security group i", "doc_type":"usermanual2", "kw":"Binding a Security Group to a Pod Using an Annotation,Cloud Native Network 2.0 Settings,User Guide", @@ -4213,7 +4483,7 @@ "uri":"cce_10_0288.html", "node_id":"cce_10_0288.xml", "product_code":"cce", - "code":"234", + "code":"249", "des":"In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. To bind CCE pods with security groups, ", "doc_type":"usermanual2", "kw":"Binding a Security Group to a Workload Using a Security Group Policy,Cloud Native Network 2.0 Settin", @@ -4231,8 +4501,8 @@ "uri":"cce_10_0196.html", "node_id":"cce_10_0196.xml", "product_code":"cce", - "code":"235", - "des":"In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. If you want to confi", + "code":"250", + "des":"In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. To configure a parti", "doc_type":"usermanual2", "kw":"Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configurati", "search_title":"", @@ -4249,7 +4519,7 @@ "uri":"cce_10_0603.html", "node_id":"cce_10_0603.xml", "product_code":"cce", - "code":"236", + "code":"251", "des":"In Cloud Native Network 2.0, each pod is associated with an ENI, providing a static IP address to the StatefulSet pods (container ENI). This is a common practice in acces", "doc_type":"usermanual2", "kw":"Configuring a Static IP Address for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4267,7 +4537,7 @@ "uri":"cce_10_0734.html", "node_id":"cce_10_0734.xml", "product_code":"cce", - "code":"237", + "code":"252", "des":"In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind EIPs to pods.To associate an EIP with a pod, simply set the value of the ", "doc_type":"usermanual2", "kw":"Configuring an EIP for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4285,7 +4555,7 @@ "uri":"cce_10_0651.html", "node_id":"cce_10_0651.xml", "product_code":"cce", - "code":"238", + "code":"253", "des":"In Cloud Native Network 2.0, static public IP addresses (EIPs) can be assigned to StatefulSets or pods created directly.You can configure a static EIP for a pod only in C", "doc_type":"usermanual2", "kw":"static EIPs,Configuring a Static EIP for a Pod,Cloud Native Network 2.0 Settings,User Guide", @@ -4303,7 +4573,7 @@ "uri":"cce_10_0604.html", "node_id":"cce_10_0604.xml", "product_code":"cce", - "code":"239", + "code":"254", "des":"By default, pods with IPv6 dual-stack ENIs can access only the IPv6 private network. To access the public network, configure shared bandwidth for such pods.Only CCE Turbo", "doc_type":"usermanual2", "kw":"Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs,Cloud Native Network 2.0 Settings,U", @@ -4321,7 +4591,7 @@ "uri":"cce_10_0904.html", "node_id":"cce_10_0904.xml", "product_code":"cce", - "code":"240", + "code":"255", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"VPC Network Settings", @@ -4339,7 +4609,7 @@ "uri":"cce_10_0283.html", "node_id":"cce_10_0283.xml", "product_code":"cce", - "code":"241", + "code":"256", "des":"The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes al", "doc_type":"usermanual2", "kw":"VPC Network Model,VPC Network Settings,User Guide", @@ -4357,7 +4627,7 @@ "uri":"cce_10_0680.html", "node_id":"cce_10_0680.xml", "product_code":"cce", - "code":"242", + "code":"257", "des":"If the container CIDR block configured during CCE cluster creation cannot meet service expansion requirements, you can add a container CIDR block for the cluster.This fun", "doc_type":"usermanual2", "kw":"Adding a Container CIDR Block for a Cluster,VPC Network Settings,User Guide", @@ -4375,7 +4645,7 @@ "uri":"cce_10_0677.html", "node_id":"cce_10_0677.xml", "product_code":"cce", - "code":"243", + "code":"258", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Tunnel Network Settings", @@ -4393,7 +4663,7 @@ "uri":"cce_10_0282.html", "node_id":"cce_10_0282.xml", "product_code":"cce", - "code":"244", + "code":"259", "des":"A container tunnel network creates a separate network plane for containers by using tunnel encapsulation on the host network plane. The container tunnel network of a CCE ", "doc_type":"usermanual2", "kw":"Tunnel Network Model,Tunnel Network Settings,User Guide", @@ -4407,29 +4677,11 @@ "title":"Tunnel Network Model", "githuburl":"" }, - { - "uri":"cce_10_0059.html", - "node_id":"cce_10_0059.xml", - "product_code":"cce", - "code":"245", - "des":"Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities ", - "doc_type":"usermanual2", - "kw":"Configuring Network Policies to Restrict Pod Access,Tunnel Network Settings,User Guide", - "search_title":"", - "metedata":[ - { - "prodname":"cce", - "documenttype":"usermanual" - } - ], - "title":"Configuring Network Policies to Restrict Pod Access", - "githuburl":"" - }, { "uri":"cce_10_0675.html", "node_id":"cce_10_0675.xml", "product_code":"cce", - "code":"246", + "code":"260", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Pod Network Settings", @@ -4447,7 +4699,7 @@ "uri":"cce_10_0402.html", "node_id":"cce_10_0402.xml", "product_code":"cce", - "code":"247", + "code":"261", "des":"Kubernetes allows pods to directly use the host/node network. When a pod is configured with hostNetwork: true, applications running in the pod can directly view the netwo", "doc_type":"usermanual2", "kw":"Configuring hostNetwork for Pods,Pod Network Settings,User Guide", @@ -4465,7 +4717,7 @@ "uri":"cce_10_0382.html", "node_id":"cce_10_0382.xml", "product_code":"cce", - "code":"248", + "code":"262", "des":"Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod acce", "doc_type":"usermanual2", "kw":"Configuring QoS for a Pod,Pod Network Settings,User Guide", @@ -4479,11 +4731,29 @@ "title":"Configuring QoS for a Pod", "githuburl":"" }, + { + "uri":"cce_10_0059.html", + "node_id":"cce_10_0059.xml", + "product_code":"cce", + "code":"263", + "des":"Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities ", + "doc_type":"usermanual2", + "kw":"Configuring Network Policies to Restrict Pod Access,Pod Network Settings,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], + "title":"Configuring Network Policies to Restrict Pod Access", + "githuburl":"" + }, { "uri":"cce_10_0247.html", "node_id":"cce_10_0247.xml", "product_code":"cce", - "code":"249", + "code":"264", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Service", @@ -4501,7 +4771,7 @@ "uri":"cce_10_0249.html", "node_id":"cce_10_0249.xml", "product_code":"cce", - "code":"250", + "code":"265", "des":"After a pod is created, the following problems may occur if you directly access the pod:The pod can be deleted and recreated at any time by a controller such as a Deploym", "doc_type":"usermanual2", "kw":"Overview,Service,User Guide", @@ -4519,7 +4789,7 @@ "uri":"cce_10_0011.html", "node_id":"cce_10_0011.xml", "product_code":"cce", - "code":"251", + "code":"266", "des":"ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.The cluster-internal domain name format is -

2024-11-25

+

2025-02-10

+ +

Add:

+ +

Update:

+ + + +

2024-12-20

+ +

Add:

+ +

Update:

+ +

Delete:

+ + + +

2024-12-19

+ +

Update:

+ + + +

2024-11-30

+ +

Add:

+

Added Configuration Suggestions on CCE Container Runtime Security.

+

Added Configuration Suggestions on CCE Workload Identity Security.

+

Added Performing Cluster Namespace RBAC.

+ + +

2024-11-25

Update:

Updated the Specifications field in Creating a Node and Creating a Node Pool.

@@ -21,7 +53,7 @@

Added Nginx Ingresses.

Added nginx-ingress Upgrade.

Update:

- +

2024-08-30

@@ -61,7 +93,7 @@

2024-03-29

- +

2024-01-29

diff --git a/docs/cce/umn/cce_10_0003.html b/docs/cce/umn/cce_10_0003.html index cf00e8399..a1a8f230c 100644 --- a/docs/cce/umn/cce_10_0003.html +++ b/docs/cce/umn/cce_10_0003.html @@ -4,9 +4,9 @@

Scenario

You can reset a node to modify the node configuration, such as the node OS and login mode.

Resetting a node will reinstall the node OS and the Kubernetes software on the node. If a node is unavailable because you modify the node configuration, you can reset the node to rectify the fault.

-

Notes and Constraints

  • For CCE standard clusters and CCE Turbo clusters to support node resetting, the version must be v1.13 or later.
+

Notes and Constraints

  • To enable node resetting in CCE standard clusters or CCE Turbo clusters, the version must be v1.13 or later.
-

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.
  • After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.
  • After a worker node with an extra data disk attached is reset on the ECS console, the attachment will be cleared. In this case, attach the disk again and data will be retained.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • While the node is being deleted, the backend will set the node to the unschedulable state.
  • Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
+

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.
  • After a node is reset, its system disk and data disks will be cleared. Back up important data before resetting a node.
  • If you reset a worker node that has an additional data disk attached on the ECS console, the attachment will be removed. To keep the data, you need to reattach the disk.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • When a node is reset, the backend will make it unschedulable.
  • Resetting a node will clear the Kubernetes labels and taints you added (those added by editing a node pool will not be lost). As a result, node-specific resources (such as local storage and workloads scheduled to this node) may be unavailable.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.

Resetting Nodes in the Default Pool

  1. Log in to the CCE console and click the cluster name to access the cluster console.
  2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
  3. In the node list of the default pool, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
  4. In the displayed dialog box, click Next.
  5. Specify node parameters.

    Compute Settings
    -
    Table 1 Configuration parameters

    Parameter

    @@ -22,7 +22,7 @@

    Container Engine

    The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

    +

    The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping Between Node OSs and Container Engines.

    OS

    @@ -46,7 +46,7 @@

    Storage Settings

    Configure storage resources on a node for the containers running on it. -
    Table 2 Storage configuration parameters

    Parameter

    +
    @@ -57,10 +57,19 @@ + + + - @@ -69,49 +78,49 @@
    Advanced Settings -
    Table 2 Configuration parameters

    Parameter

    Description

    Directly use the system disk of the cloud server.

    System Component Storage

    +

    Select a disk for storing system components.

    +
    • Data Disk: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
    • System Disk: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.
    +
    NOTE:

    In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If CCE Node Problem Detector is used, ensure that its version is 1.19.2 or later.

    +
    +

    Data Disk

    At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

    -

    Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.

    +

    At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.

    +

    In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk.

    +

    Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

    For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory.

    Table 3 Advanced configuration parameters

    Parameter

    +
    - - - - - - - - - - - - - @@ -120,39 +129,67 @@

  6. Click Next: Confirm.
  7. Click Submit.
    8. -

    Resetting Nodes in a Node Pool

    Parameter configurations are not supported when resetting a node you created in a node pool. The image configured for the node pool is used to reset the node.

    +

    Resetting Nodes in a Node Pool

    • When resetting a node in a node pool, you can only change its storage configuration. All other configurations will follow the settings of the node pool.
    • Resetting a node will execute the pre- and post-installation scripts in the current node pool and update the security group configurations to those of the node pool.
    -
    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
    3. In the node list of the target node pool, select a node to be reset and choose More > Reset Node in the Operation column.
    4. In the displayed dialog box, click Yes.
    -
    -

    Resetting Nodes in a Batch

    Resetting nodes in a batch varies depending on application scenarios.

    - -
    Table 3 Advanced configuration parameters

    Parameter

    Description

    +

    Description

    Resource Tag

    +

    Resource Tag

    You can add resource tags to classify resources. A maximum of eight resource tags can be added.

    -

    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

    -

    CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.

    +

    You can add resource tags to classify resources. A maximum of eight resource tags can be added.

    +

    You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

    +

    CCE will automatically create the CCE-Dynamic-Provisioning-Node=Node ID tag.

    Kubernetes Label

    +

    Kubernetes Label

    Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

    -

    Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.

    +

    Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

    +

    Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

    Taint

    +

    Taint

    This field is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
    • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
    • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
    • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
    -
    NOTICE:
    • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
    • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
    +
    This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
    • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
    • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
    • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
    +
    NOTICE:
    • If taints are used, you must configure tolerations of pods. Otherwise, a scale-out may fail or pods cannot be scheduled onto the added nodes.
    • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.

    Max. Pods

    +

    Max. Pods

    Maximum number of pods that can run on the node, including the default system pods.

    -

    This limit prevents the node from being overloaded with pods.

    +

    Maximum number of pods that can run on the node, including the default system pods.

    +

    This limit prevents the node from being overloaded with pods.

    Pre-installation Command

    +

    Pre-installation Command

    Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

    -

    The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

    +

    Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

    +

    The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

    Post-installation Command

    +

    Post-installation Command

    Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

    -

    The script will be executed after Kubernetes software is installed, which does not affect the installation.

    +

    Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

    +

    The script will be executed after Kubernetes software is installed, which does not affect the installation.

    Scenario

    +
    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
    3. In the node list of the target node pool, select a node to be reset and choose More > Reset Node in the Operation column.
    4. Modify the node storage parameters.

      +

      - - - - - - - - - - - + +
      Table 4 Configuration parameters

      Parameter

      Supported or Not

      -

      Description

      +

      Description

      Resetting nodes in the default pool in a batch

      +

      System Disk

      Supported in some scenarios

      -

      This operation can be performed only if the flavors, AZs, and disk configurations of all nodes are the same.

      +

      Directly use the system disk of the cloud server.

      Resetting nodes in a node pool in a batch

      +

      Default Data Disk

      Supported in some scenarios

      -

      This operation can be performed only if the disk configurations of all nodes are the same.

      +

      Select a data disk for container runtime and kubelet.

      Resetting nodes in different node pools in a batch

      +

      Data Disk

      Not supported

      +

      Configure advanced settings for each data disk.

      +

      For the default data disk, click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.

      +

      For a common data disk, click Expand and select attachment settings.

      +
      • Default: The data disk is attached as a raw disk without any settings.
      • Mount Disk: The data disk is attached to the service directory path. This parameter cannot be left blank or set to a key OS path such as the root directory.
      • Use as PV: The data disk is used as persistent storage volumes for PVCs. For details, see Local PVs.
      • Use as ephemeral volume: The data disk is used as ephemeral storage volumes for PVCs. For details, see Using a Local EV.

      Only the nodes in the same node pool can be reset in a batch.

      +
      +
      +

    5. Click OK.
    + +

    Resetting Nodes in a Batch

    Resetting nodes in a batch varies depending on application scenarios.

    + +
    + + + + + + + + + + + + + + + diff --git a/docs/cce/umn/cce_10_0004.html b/docs/cce/umn/cce_10_0004.html index c95b7edb1..d0603b5f5 100644 --- a/docs/cce/umn/cce_10_0004.html +++ b/docs/cce/umn/cce_10_0004.html @@ -1,11 +1,10 @@

    Managing Node Labels

    -

    You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.

    -

    Node Label Usage Scenario

    Node labels are mainly used in the following scenarios:

    -
    • Node management: Node labels are used to classify nodes.
    • Node affinity or anti-affinity for workloads: By adding labels to nodes, you can schedule pods to specific nodes through node affinity or prevent pods from being scheduled to specific nodes through node anti-affinity. For details, see Scheduling Policies (Affinity/Anti-affinity).
    +

    Node Label Usage Scenario

    Node labels are mainly used in the following scenarios:

    +
    • Node management: Node labels are used to classify nodes.
    • Node affinity or anti-affinity for workloads: By adding labels to nodes, you can schedule pods to specific nodes through node affinity or prevent pods from being scheduled to specific nodes through node anti-affinity. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
    -

    Inherent Label of a Node

    After a node is created, some fixed labels exist and cannot be deleted. For details about these labels, see Table 1.

    +

    Inherent Label of a Node

    After a node is created, some fixed labels exist and cannot be deleted. For details about these labels, see Table 1.

    Do not manually change the inherent labels that are automatically added to a node. If the manually changed value conflicts with the system value, the system value is used.

    @@ -62,7 +61,7 @@
    - - -

    Scenario

    +

    Supported or Not

    +

    Description

    +

    Resetting nodes in the default pool in a batch

    +

    Conditionally supported

    +

    This operation can be performed only if the node flavor, AZ, and disk configurations of all nodes are the same.

    +

    Resetting nodes in a node pool in a batch

    +

    Conditionally supported

    +

    This operation can be performed only if the disk configurations of all nodes are the same.

    +

    Resetting nodes in different node pools in a batch

    +

    Not supported

    +

    Only the nodes in the same node pool can be reset in a batch.

    node.kubernetes.io/subnetid

    ID of the subnet where the node is located.

    +

    ID of the subnet where the node is located

    os.architecture

    @@ -83,19 +82,19 @@

    accelerator

    GPU node labels.

    +

    GPU node labels

    cce.cloud.com/cce-nodepool

    The dedicated label of a node in a node pool.

    +

    The dedicated label of a node in a node pool
    -

    Adding or Deleting a Node Label

    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab, select the target node and click Labels and Taints in the upper left corner.
    3. In the displayed dialog box, click Add operation under Batch Operation, and then choose Add/Update or Delete.

      Enter the key and value of the label to be added or deleted, and click OK.

      +

      Adding or Deleting a Node Label

      1. Log in to the CCE console and click the cluster name to access the cluster console.
      2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab, select the target node and click Labels and Taints in the upper left corner.
      3. In the displayed dialog box, click Add operation under Batch Operation, and then choose Add/Update or Delete.

        Enter the key and value of the label to be added or deleted, and click OK.

        For example, the key is deploy_qa and the value is true, indicating that the node is used to deploy the QA (test) environment.

      4. After the label is added, check the added label in node data.
      diff --git a/docs/cce/umn/cce_10_0006.html b/docs/cce/umn/cce_10_0006.html index 0a4efc9ce..248e4baef 100644 --- a/docs/cce/umn/cce_10_0006.html +++ b/docs/cce/umn/cce_10_0006.html @@ -1,9 +1,9 @@

      Overview

      -

      A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is an abstract model of a group of pods in Kubernetes. Workloads in Kubernetes are classified as Deployments, StatefulSets, DaemonSets, jobs, and cron jobs.

      +

      A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is an abstract model of a group of pods in Kubernetes. Workloads in Kubernetes are classified as Deployments, StatefulSets, DaemonSets, jobs, and cron jobs.

      CCE provides Kubernetes-native container deployment and management and supports lifecycle management of container workloads, including creation, configuration, monitoring, auto scaling, upgrade, uninstall, service discovery, and load balancing.

      -

      Overview of Pod

      A pod is the smallest and simplest unit in the Kubernetes object model that you create or deploy. A pod is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers. Each pod has a separate IP address.

      +

      Overview of Pod

      A pod is the smallest, simplest unit in the Kubernetes object model that you create or deploy. A pod is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers. Each pod has a separate IP address.

      Pods can be used in either of the following ways:

      • A pod runs only one container. This is the most common usage of pods in Kubernetes. You can consider a pod as a container, but Kubernetes directly manages pods instead of containers.
      • A pod runs multiple containers that need to be tightly coupled. In this scenario, a pod contains a main container and several sidecar containers, as shown in Figure 1. For example, the main container is a web server that provides file services from a fixed directory, and sidecar containers periodically download files to this fixed directory.
        Figure 1 Pod running multiple containers
      @@ -19,57 +19,57 @@

      Distributed stateful applications involve different roles for different responsibilities. For example, databases work in active/standby mode, and pods depend on each other. To deploy stateful applications in Kubernetes, ensure pods meet the following requirements:

      • Each pod must have a fixed identifier so that it can be recognized by other pods.
      • Separate storage resources must be configured for each pod. In this way, the original data can be retrieved after a pod is deleted and restored. Otherwise, the pod status will be changed after the pod is rebuilt.

      To address the preceding requirements, Kubernetes provides StatefulSets.

      -
      1. StatefulSets provide a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the hostname remain unchanged.
      2. StatefulSets use a headless Service to allocate a fixed domain name for each pod.
      3. StatefulSets create PersistentVolumeClaims (PVCs) with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.

        +
        1. StatefulSets provide a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the hostname remain unchanged.
        2. StatefulSets use a headless Service to allocate a fixed domain name for each pod.
        3. StatefulSets create PVCs with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.
          Figure 3 StatefulSet

      Overview of DaemonSet

      A DaemonSet runs a pod on each node in a cluster and ensures that there is only one pod. This works well for certain system-level applications such as log collection and resource monitoring since they must run on each node and need only a few pods. A good example is kube-proxy.

      DaemonSets are closely related to nodes. If a node becomes faulty, the DaemonSet will not create the same pods on other nodes.

      -
      Figure 3 DaemonSet
      +
      Figure 4 DaemonSet

      Overview of Job and CronJob

      Jobs and CronJobs allow you to run short lived, one-off tasks in batch. They ensure the task pods run to completion.

      • A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after successfully completing tasks based on user configurations.
      • A CronJob runs a job periodically on a specified schedule. A CronJob object is similar to a line of a crontab file in Linux.

      This run-to-completion feature of jobs is especially suitable for one-off tasks, such as continuous integration (CI).

      Workload Lifecycle

      -
      Table 1 Status description

      Status

      +
      - - - - - - - - - - - - - - - diff --git a/docs/cce/umn/cce_10_0007.html b/docs/cce/umn/cce_10_0007.html index 15e58c929..d6606322a 100644 --- a/docs/cce/umn/cce_10_0007.html +++ b/docs/cce/umn/cce_10_0007.html @@ -1,7 +1,7 @@

      Managing Workloads

      -

      Scenario

      After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file. +

      Scenario

      After a workload is created, you can upgrade, log, monitor, roll back, or delete the workload, as well as edit its YAML file.
      Table 1 Status description

      Status

      Description

      +

      Description

      Running

      +

      Running

      All pods are running or the number of pods is 0.

      +

      All pods are running or the number of pods is 0.

      Unready

      +

      Unready

      The container malfunctions and the pod under the workload is not working.

      +

      The container malfunctions and the pod under the workload is not working.

      Processing

      +

      Processing

      The workload is not running but no error is reported.

      +

      The workload is not running but no error is reported.

      Available

      +

      Available

      For a multi-pod Deployment, some pods are abnormal but at least one pod is available.

      +

      For a multi-pod Deployment, some pods are abnormal but at least one pod is available.

      Completed

      +

      Completed

      The task is successfully executed. This status is available only for common tasks.

      +

      The task is successfully executed. This status is available only for common tasks.

      Stopped

      +

      Stopped

      The workload is stopped and the number of pods changes to 0. This status is available for workloads earlier than v1.13.

      +

      The workload is stopped and the number of pods changes to 0. This status is available for workloads earlier than v1.13.

      Deleting

      +

      Deleting

      The workload is being deleted.

      +

      The workload is being deleted.
      -
      Table 1 Workload/Job management

      Operation

      Description

      @@ -99,13 +99,13 @@

      Disabling/Enabling Upgrade (Available Only for Deployments)

      Only Deployments support this operation.

      • After the upgrade is disabled, the upgrade command can be delivered but will not be applied to the pods.

        If you are performing a rolling upgrade, the rolling upgrade stops after the disabling upgrade command is delivered. In this case, the new and old pods co-exist.

        -
      • If a Deployment is being upgraded, it can be upgraded or rolled back. Its pods will inherit the latest updates of the Deployment. If they are inconsistent, the pods are upgraded automatically according to the latest information of the Deployment.
      +
    4. After the upgrade is enabled, a Deployment can be upgraded or rolled back. Its pods will inherit the latest updates of the Deployment. If they are inconsistent, the pods will be upgraded automatically according to the latest information of the Deployment.

      5. Deployments in the disable upgrade state cannot be rolled back.

      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Disable/Enable Upgrade in the Operation column of the workload.
      3. In the dialog box that is displayed, click Yes.

      Managing Labels

      Labels are key-value pairs and can be attached to workloads. You can manage and select workloads by labels. You can add labels to multiple workloads or a specified workload.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
      3. Click Add, enter a key and a value, and click OK.

        A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
        3. Click , enter a key and a value, and click OK.

          A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

        diff --git a/docs/cce/umn/cce_10_0010.html b/docs/cce/umn/cce_10_0010.html index 8fe2b3c3a..4625ee7f8 100644 --- a/docs/cce/umn/cce_10_0010.html +++ b/docs/cce/umn/cce_10_0010.html @@ -4,7 +4,7 @@

        You can learn about a cluster network from the following two aspects:

        • What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see Cluster Network Structure.
        • How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides Service and Ingress to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see Access Scenarios.

        Cluster Network Structure

        All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.

        -

        +

        • Node Network

          A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.

        • Container Network

          A container network assigns IP addresses to pods in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.

          Currently, CCE supports the following container network models:

          @@ -27,7 +27,7 @@
          • Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.
          • Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.
            • Access through the public network: An EIP should be bound to the node or load balancer.
            • Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.
          • The workload can access the external network as follows:
            • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block.
            • Accessing a public network: Assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see Accessing the Internet from a Container.
          -
          Figure 3 Network access diagram
          +
          Figure 3 Network access diagram
        diff --git a/docs/cce/umn/cce_10_0011.html b/docs/cce/umn/cce_10_0011.html index 2d2735ed3..2399fdf9e 100644 --- a/docs/cce/umn/cce_10_0011.html +++ b/docs/cce/umn/cce_10_0011.html @@ -4,9 +4,9 @@

        Scenario

        ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.

        The cluster-internal domain name format is <Service name>.<Namespace of the workload>.svc.cluster.local:<Port>, for example, nginx.default.svc.cluster.local:80.

        Figure 1 shows the mapping relationships between access channels, container ports, and access ports.

        -
        Figure 1 Intra-cluster access (ClusterIP)
        +
        Figure 1 Intra-cluster access (ClusterIP)
        -

        Creating a ClusterIP Service

        1. Log in to the CCE console and click the cluster name to access the cluster console.
        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
        3. Configure intra-cluster access parameters.

          • Service Name: Specify a Service name, which can be the same as the workload name.
          • Service Type: Select ClusterIP.
          • Namespace: namespace that the workload belongs to.
          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
          • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
          • Ports
            • Protocol: protocol used by the Service.
            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
            +

            Creating a ClusterIP Service

            1. Log in to the CCE console and click the cluster name to access the cluster console.
            2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
            3. Configure intra-cluster access parameters.

              • Service Name: Specify a Service name, which can be the same as the workload name.
              • Service Type: Select ClusterIP.
              • Namespace: namespace that the workload belongs to.
              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
              • Protocol Version: Select the IP address of different versions based on service requirements. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
              • Ports
                • Protocol: protocol used by the Service.
                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.

            4. Click OK.
            @@ -56,7 +56,7 @@ spec: 
            NAME                     READY     STATUS             RESTARTS   AGE
 nginx-2601814895-znhbr   1/1       Running            0          15s

          • Create a Service.

            kubectl create -f nginx-clusterip-svc.yaml

            -

            If information similar to the following is displayed, the Service is being created.

            +

            If information similar to the following is displayed, the Service is being created:

            service "nginx-clusterip" created

            kubectl get svc

            If information similar to the following is displayed, the Service has been created, and a cluster-internal IP address has been assigned to the Service.

            diff --git a/docs/cce/umn/cce_10_0012.html b/docs/cce/umn/cce_10_0012.html index 4b8b87c8f..935ed1c66 100644 --- a/docs/cce/umn/cce_10_0012.html +++ b/docs/cce/umn/cce_10_0012.html @@ -45,7 +45,7 @@

      Container Engine

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.

      +

      The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping Between Node OSs and Container Engines.

      OS

      @@ -69,7 +69,7 @@

      Storage Settings

      Configure storage resources on a node for the containers running on it. Select a disk type and configure its size based on service requirements. -
      Table 3 Storage configuration parameters

      Parameter

      +
      @@ -78,19 +78,28 @@ + + + - - - - -
      Table 3 Configuration parameters

      Parameter

      Description

      System Disk

      System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.

      -
      Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
      • Not encrypted is selected by default.
      • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
      • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
      +
      System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
      • Not encrypted is selected by default.
      • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
      • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.

      System Component Storage

      +

      Select a disk for storing system components.

      +
      • Data Disk: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
      • System Disk: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.
      +
      NOTE:

      In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If CCE Node Problem Detector is used, ensure that its version is 1.19.2 or later.

      +
      +

      Data Disk

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      -
      • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
      • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
      +
      At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
      • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
      • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
      +
      +

      In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.

      NOTE:
      • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
      • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.

      Advanced Settings

      Expand the area and configure the following parameters:

      -
      • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
      • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting.
        • Not encrypted is selected by default.
        • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
        • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
        +
        • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
        • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting.
          • Not encrypted is selected by default.
          • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
          • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.

        Adding data disks

        A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:

        @@ -153,14 +162,14 @@

      Resource Tag

      You can add resource tags to classify resources.

      -

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.

      +

      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.

      Kubernetes Label

      A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.

      -

      Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      +

      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      Taint

      @@ -202,13 +211,13 @@

      Pre-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      +

      Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

      Post-installation Command

      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      +

      Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.

      The script will be executed after Kubernetes software is installed, which does not affect the installation.

      NOTE:

      Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to restart with a delay of one minute.

      @@ -216,11 +225,11 @@

      Agency

      An agency is created by the account administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.

      +

      An agency is created by the tenant administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.

      If no agency is available, click Create Agency on the right to create one.

      User-defined node name prefix and suffix

      +

      Custom Prefix and Suffix

      Custom name prefix and suffix of a node in a node pool. After the configuration, the nodes in the node pool will be named with the configured prefix and suffix. For example, if the prefix is prefix- and the suffix is -suffix, the nodes in the node pool will be named in the format of "prefix-Node pool name with five-digit random characters-suffix".

      NOTICE:
      • A prefix and suffix can be customized only when a node pool is created, and they cannot be modified after the node pool is created.
      • A prefix can end with a special character, and a suffix can start with a special character.
      • A node name consists of a maximum of 56 characters in the format of "Prefix-Node pool name with five-digit random characters-Suffix".
      • A node name does not support the combination of a period (.) and special characters (such as .., .-, or -.).
      • This function is available only in clusters of v1.28.1, v1.27.3, v1.25.6, v1.23.11, v1.21.12, or later.
      diff --git a/docs/cce/umn/cce_10_0014.html b/docs/cce/umn/cce_10_0014.html index 4e004f0eb..411149513 100644 --- a/docs/cce/umn/cce_10_0014.html +++ b/docs/cce/umn/cce_10_0014.html @@ -6,7 +6,7 @@

      Configuring Environment Variables of a Workload

      Using the CCE console

      -
      1. Log in to the CCE console and click the cluster name to access the cluster console.
      2. In the navigation pane, choose Workloads. In the dialog box displayed, click Create Workload in the upper right corner.

        When creating a workload, click Environment Variables in the Container Settings area, and click Add Variable.

        +
        1. Log in to the CCE console and click the cluster name to access the cluster console.
        2. In the navigation pane, choose Workloads. Then, click Create Workload in the upper right corner.

          When creating a workload, click Environment Variables in the Container Settings area, and click Add Variable.

          • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
          • Added from ConfigMap key: Import a key in a ConfigMap as the value of an environment variable.
            • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the ConfigMap by default.
            • Variable Value/Reference: Select a ConfigMap and the key to be imported. The corresponding value is imported as a workload environment variable.

            For example, after you import the value Hello of SPECIAL_LEVEL in ConfigMap cce-configmap as the value of workload environment variable SPECIAL_LEVEL, an environment variable named SPECIAL_LEVEL with its value Hello exists in the container.

          @@ -96,7 +96,7 @@ CCE

          Using the CCE console

          1. Log in to the CCE console and click the cluster name to access the cluster console.
          2. In the navigation pane, choose Workloads. In the dialog box displayed, click Create Workload in the upper right corner.

            When creating a workload, click Environment Variables in the Container Settings area, and click Add Variable. In this example, select Added from ConfigMap.

            • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
            -

          3. Click Lifecycle in the Container Settings area, click the Post-Start tab on the right, and set the following parameters:

            • Processing Method: CLI
            • Command: Enter the following three command lines. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
              /bin/bash
+
            • Click Lifecycle in the Container Settings area, click the Post-Start tab on the right, and set the following parameters:

              • Processing Method: CLI
              • Command: Enter the following three command lines. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, which are key names in the cce-configmap ConfigMap.
                /bin/bash
 -c
 echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html
              @@ -107,7 +107,7 @@ echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html

          Using kubectl

          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
          2. Create a file named nginx-configmap.yaml and edit it.

            vi nginx-configmap.yaml

            -
            As shown in the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
            apiVersion: apps/v1
+
            In the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, which are key names in the cce-configmap ConfigMap.
            apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-configmap
@@ -135,7 +135,7 @@ spec:
         - name: default-secret
          3. Create a workload.

            kubectl apply -f nginx-configmap.yaml

            -

          4. After the workload runs properly, the following content is entered into the /usr/share/nginx/html/index.html file in the container:

            1. Run the following command to view the created pod:
              kubectl get pod | grep nginx-configmap
              +

            2. Wait until the workload runs properly. Then, data will be added the /usr/share/nginx/html/index.html file in the container.

              1. Run the following command to view the created pod:
                kubectl get pod | grep nginx-configmap
                Expected output:
                nginx-configmap-***   1/1     Running   0              2m18s
              2. Run the following command to view the environment variables in the pod:
                kubectl exec nginx-configmap-*** -- cat /usr/share/nginx/html/index.html
                @@ -148,35 +148,35 @@ spec:

                Using the CCE console

                1. Log in to the CCE console and click the cluster name to access the cluster console.
                2. In the navigation pane, choose Workloads. In the dialog box displayed, click Create Workload in the upper right corner.

                  When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select ConfigMap from the drop-down list.

                3. Select parameters for mounting a ConfigMap volume, as shown in Table 1.

                  -

                  Table 1 Mounting a ConfigMap volume

                  Parameter

                  +
                  - - - - - - - - - diff --git a/docs/cce/umn/cce_10_0016.html b/docs/cce/umn/cce_10_0016.html index 2dfc1e407..9710f1821 100644 --- a/docs/cce/umn/cce_10_0016.html +++ b/docs/cce/umn/cce_10_0016.html @@ -1,7 +1,7 @@

                  Using a Secret

                  -

                  After secrets are created, they can be mounted as data volumes or be exposed as environment variables to be used by a container in a pod.

                  +

                  After secrets are created, they can be mounted as data volumes or be exposed as environment variables to be used by a container in a pod.

                  Do not perform any operation on the following secrets. For details, see Cluster Secrets.

                  • Do not operate secrets under kube-system.
                  • Do not operate default-secret and paas.elb in any of the namespaces. The default-secret is used to pull the private image of SWR, and the paas.elb is used to connect the service in the namespace to the ELB service.
                  @@ -96,35 +96,35 @@ spec:

                  Using the CCE console

                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                  2. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab. Click Create Workload in the upper right corner.

                    When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select Secret from the drop-down list.

                  3. Select parameters for mounting a secret volume, as shown in Table 1.

                    -

                  Table 1 Mounting a ConfigMap volume

                  Parameter

                  Description

                  +

                  Description

                  ConfigMap

                  +

                  ConfigMap

                  Select the desired ConfigMap.

                  +

                  Select the desired ConfigMap.

                  A ConfigMap must be created beforehand. For details, see Creating a ConfigMap.

                  Mount Path

                  +

                  Mount Path

                  Enter a mount point. After the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the mount path of the container.

                  -
                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
                  NOTICE:

                  If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

                  +

                  Enter a mount path. After the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the mount path of the container.

                  +
                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                  NOTICE:

                  If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

                  Subpath

                  +

                  Subpath

                  Enter a subpath of the mount path.
                  • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                  • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                  • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                  +
                  Enter a subpath of the mount path.
                  • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
                  • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                  • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.

                  Permission

                  +

                  Permission

                  Read-only, indicating that data volume in the path is read-only.

                  +

                  Read-only, indicating that data volume in the path is read-only.
                  Table 1 Mounting a secret volume

                  Parameter

                  +
                  - - - - - - - - - diff --git a/docs/cce/umn/cce_10_0018.html b/docs/cce/umn/cce_10_0018.html index 614dc8e83..823f4216d 100644 --- a/docs/cce/umn/cce_10_0018.html +++ b/docs/cce/umn/cce_10_0018.html @@ -4,8 +4,7 @@

                  CCE works with AOM to collect workload logs. When a node is created, ICAgent (a DaemonSet named icagent in the kube-system namespace of a cluster) of AOM is installed by default. ICAgent collects workload logs and reports them to AOM. You can view workload logs on the CCE or AOM console.

                  Constraints

                  ICAgent only collects text logs in .log, .trace, and .out formats.

                  -

                  Using ICAgent to Collect Logs

                  1. When creating a workload, set logging for the container.
                  2. Click to add a log policy.

                    The following uses Nginx as an example. Log policies vary depending on workloads.
                    Figure 1 Adding a log policy
                    -
                    +

                    Using ICAgent to Collect Logs

                    1. When creating a workload, set logging for the container.
                    2. Click to add a log policy.

                      The following uses Nginx as an example. Log policies vary depending on workloads.

                    3. Set Volume Type to hostPath or emptyDir.

                  Table 1 Mounting a secret volume

                  Parameter

                  Description

                  +

                  Description

                  Secret

                  +

                  Secret

                  Select the desired secret.

                  +

                  Select the desired secret.

                  A secret must be created beforehand. For details, see Creating a Secret.

                  Mount Path

                  +

                  Mount Path

                  Enter a mount point. After the secret volume is mounted, a secret file with the key as the file name and value as the file content is generated in the mount path of the container.

                  -
                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may cause container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, which leads to a container startup failure or workload creation failure.
                  NOTICE:

                  If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

                  +

                  Enter a mount path. After the secret volume is mounted, a secret file with the key as the file name and value as the file content is generated in the mount path of the container.

                  +
                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                  NOTICE:

                  If the container is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.

                  Subpath

                  +

                  Subpath

                  Enter a subpath of the mount path.

                  -
                  • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                  • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                  • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                  +

                  Enter a subpath of the mount path.

                  +
                  • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path will be used by default.
                  • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                  • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.

                  Permission

                  +

                  Permission

                  Read-only, indicating that data volume in the path is read-only.

                  +

                  Read-only, indicating that data volume in the path is read-only.
                  @@ -98,7 +97,7 @@ spec: name: vol-log imagePullSecrets: - name: default-secret -

                  The following shows how to use a hostPath volume. Compared with emptyDir, the type of volumes is changed to hostPath, and the path on the host needs to be configured for this hostPath volume. In the following example, /tmp/log on the host is mounted to /var/log/nginx. In this way, the ICAgent can collects logs in /var/log/nginx, without deleting the logs from /tmp/log.

                  +

                  The following shows how to use a hostPath volume. Compared with emptyDir, the type of volumes is changed to hostPath, and the path on the host needs to be configured for this hostPath volume. In the following example, /tmp/log on the host is mounted to /var/log/nginx. In this way, the ICAgent can collects logs in /var/log/nginx, without deleting the logs from /tmp/log.

                  apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -155,8 +154,8 @@ spec:
                  @@ -174,7 +173,7 @@ spec:
                  Table 1 Configuring log policies

                  Parameter

                  Extended host path

                  Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.

                  -

                  A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

                  -
                  • None: No extended path is configured.
                  • PodUID: ID of a pod.
                  • PodName: name of a pod.
                  • PodUID/ContainerName: ID of a pod or name of a container.
                  • PodName/ContainerName: name of a pod or container.
                  +

                  A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.

                  +
                  • None: No extended path is configured.
                  • PodUID: ID of a pod.
                  • PodName: name of a pod.
                  • PodUID/ContainerName: ID of a pod or name of a container.
                  • PodName/ContainerName: name of a pod or container.

                  policy.logs.rotate

                  @@ -164,7 +163,7 @@ spec:

                  Log dump

                  Log dump refers to rotating log files on a local host.

                  -
                  • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                  • Disabled: AOM does not dump log files.
                  +
                  • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                  • Disabled: AOM does not dump log files.
                  NOTE:
                  • AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
                  • Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
                  • You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.

                  Collection path

                  A collection path narrows down the scope of collection to specified logs.

                  -
                  • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                  • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                  • * in log file names indicates a fuzzy match.
                  +
                  • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                  • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                  • * in log file names indicates a fuzzy match.

                  Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.

                  CAUTION:

                  Ensure that ICAgent is of v5.12.22 or later.

                  @@ -203,7 +202,7 @@ spec:

                  Viewing Logs

                  After a log collection path is configured and the workload is created, the ICAgent collects log files from the configured path. The collection takes about 1 minute.

                  After the log collection is complete, go to the workload details page and click Logs in the upper right corner to view logs.

                  You can also view logs on the AOM console.

                  -

                  You can also run the kubectl logs command to view the container stdout.

                  +

                  You can also run the kubectl logs command to view the container stdout.

                  # View logs of a specified pod.
 kubectl logs <pod_name>
 kubectl logs -f <pod_name> # Similar to tail -f
diff --git a/docs/cce/umn/cce_10_0019.html b/docs/cce/umn/cce_10_0019.html
index 38c7777c3..39e8c15d9 100644
--- a/docs/cce/umn/cce_10_0019.html
+++ b/docs/cce/umn/cce_10_0019.html
@@ -4,7 +4,7 @@
 
                  
 
                  
 
                    
-
                  • Overview
                    
+
                  • Overview of a Chart
                    
 
                    • 
 
                  • Deploying an Application from a Chart
                    
 
                    • 
diff --git a/docs/cce/umn/cce_10_0024.html b/docs/cce/umn/cce_10_0024.html
index 2e86f2880..ca7e88caf 100644
--- a/docs/cce/umn/cce_10_0024.html
+++ b/docs/cce/umn/cce_10_0024.html
@@ -5,7 +5,7 @@
 
                    
 
diff --git a/docs/cce/umn/cce_10_0025.html b/docs/cce/umn/cce_10_0025.html
index 801d50863..8f20fc3bf 100644
--- a/docs/cce/umn/cce_10_0025.html
+++ b/docs/cce/umn/cce_10_0025.html
@@ -1,588 +1,588 @@
 
 
 
                    CCE Operations Supported by Cloud Trace Service
                    
-
                    Cloud Trace Service (CTS) records operations on cloud service resources, allowing users to query, audit, and backtrack the resource operation requests initiated from the management console or open APIs as well as responses to the requests.
                    
+
                    Cloud Trace Service (CTS) records operations on cloud service resources, allowing users to query, audit, and backtrack the resource operation requests initiated from the management console or open APIs as well as responses to the requests.
                    
 
-
                    Table 1 CCE Operations Supported by CTS
                    Operation
                    
+
                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0026.html b/docs/cce/umn/cce_10_0026.html
index 891699348..5605aa3ac 100644
--- a/docs/cce/umn/cce_10_0026.html
+++ b/docs/cce/umn/cce_10_0026.html
@@ -4,19 +4,10 @@
 
                    Scenarios
                    After you enable CTS and the management tracker is created, CTS starts recording operations on cloud resources. Cloud Trace Service (CTS) stores operation records (traces) generated in the last seven days.
                    
 
                     
                    These operation records are retained for seven days on the CTS console and are automatically deleted upon expiration. Manual deletion is not supported.
                    
 
                    
-
                    This section describes how to query or export operation records of the last seven days on the CTS console.
                    
-
 
                    
-
                    Constraints
                    • You can only query operation records of the last seven days on the CTS console. To store operation records for longer than seven days, you must configure transfer to OBS or Log Tank Service (LTS) so that you can view them in OBS buckets or LTS log groups.
                    • After performing operations on the cloud, you can query management traces on the CTS console one minute later.
                    
-
                    
-
                    Viewing Real-Time Traces in the Trace List of the New Edition
                    1. Log in to the management console.
                    2. Click  in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                    3. Choose Trace List in the navigation pane on the left.
                    4. On the Trace List page, use advanced search to query traces. You can combine one or more filters.
                      • Trace Name: Enter a trace name.
                      • Trace ID: Enter a trace ID.
                      • Resource Name: Enter a resource name. If the cloud resource involved in the trace does not have a resource name or the corresponding API operation does not involve the resource name parameter, leave this field empty.
                      • Resource ID: Enter a resource ID. Leave this field empty if the resource has no resource ID or if resource creation failed.
                      • Trace Source: Select a cloud service name from the drop-down list.
                      • Resource Type: Select a resource type from the drop-down list.
                      • Operator: Select one or more operators from the drop-down list.
                      • Trace Status: Select normal, warning, or incident.
                        • normal: The operation succeeded.
                        • warning: The operation failed.
                        • incident: The operation caused a fault that is more serious than the operation failure, for example, causing other faults.
                        
-
                      • Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                      
-
                    5. On the Trace List page, you can also export and refresh the trace list, and customize columns to display.
                      • Enter any keyword in the search box and press Enter to filter desired traces.
                      • Click Export to export all traces in the query result as an .xlsx file. The file can contain up to 5,000 records.
                      • Click  to view the latest information about traces.
                      • Click  to customize the information to be displayed in the trace list. If Auto wrapping is enabled (), excess text will move down to the next line; otherwise, the text will be truncated. By default, this function is disabled.
                      
-
                    6. For details about key fields in the trace structure, see  and section "Trace References" > "Example Traces".
                    7. (Optional) On the Trace List page of the new edition, click Go to Old Edition in the upper right corner to switch to the Trace List page of the old edition.
                    
-
                    
-
                    Viewing Real-Time Traces in the Trace List of the Old Edition
                    1. Log in to the management console.
                    2. Click  in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                    3. Choose Trace List in the navigation pane on the left.
                    4. Each time you log in to the CTS console, the new edition is displayed by default. Click Go to Old Edition in the upper right corner to switch to the trace list of the old edition.
                    5. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                      Figure 1 Filters
                      
+
                      Viewing Real-Time Traces
                      1. Log in to the management console.
                      2. Click  in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
                      3. Choose Trace List in the navigation pane on the left.
                      4. Set filters to search for your desired traces, as shown in Figure 1. The following filters are available.
                        Figure 1 Filters
                        
 
                        • Trace Type, Trace Source, Resource Type, and Search By: Select a filter from the drop-down list.
                          • If you select Resource ID for Search By, specify a resource ID.
                          • If you select Trace name for Search By, specify a trace name.
                          • If you select Resource name for Search By, specify a resource name.
                          
-
                        • Operator: Select a user.
                        • Trace Status: Select All trace statuses, Normal, Warning, or Incident.
                        • Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                        • Click Export to export all traces in the query result as a CSV file. The file can contain up to 5,000 records.
                        
+
                      5. Operator: Select a user.
                      6. Trace Status: Select All trace statuses, Normal, Warning, or Incident.
                      7. Time range: Select Last 1 hour, Last 1 day, or Last 1 week, or specify a custom time range within the last seven days.
                        8. 
 
                      
 
                    6. Click Query.
                    7. On the Trace List page, you can also export and refresh the trace list.
                      • Click Export to export all traces in the query result as a CSV file. The file can contain up to 5,000 records.
                      • Click  to view the latest information about traces.
                      
 
                    8. Click  on the left of a trace to expand its details.
                      
@@ -25,7 +16,7 @@
 
                      
 
                      
 
                    9. Click View Trace in the Operation column. The trace details are displayed.
                      
-
                    10. For details about key fields in the trace structure, see section "Trace References" > "Trace Structure" and section "Trace References" > "Example Traces" in the CTS User Guide.
                    11. (Optional) On the Trace List page of the old edition, click New Edition in the upper right corner to switch to the Trace List page of the new edition.
                    
+
                  • For details about key fields in the trace structure, see section "Trace References" > "Trace Structure" and section "Trace References" > "Example Traces" in the CTS User Guide.
                    • 
 
                    
 
                    
diff --git a/docs/cce/umn/cce_10_0028.html b/docs/cce/umn/cce_10_0028.html
index f03625b6c..400b47ffd 100644
--- a/docs/cce/umn/cce_10_0028.html
+++ b/docs/cce/umn/cce_10_0028.html
@@ -41,8 +41,10 @@
 
                    Table 1 CCE Operations Supported by CTS
                    Operation
                    
 
                    Resource Type
                    
+
                    Resource Type
                    
 
                    Event Name
                    
+
                    Event Name
                    
                     		
 
                    
 
                    Creating an agency
                    
+
                    Creating an agency
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    createUserAgencies
                    
+
                    createUserAgencies
                    
                     		
 
                    Creating a cluster
                    
+
                    Creating a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    createCluster
                    
+
                    createCluster
                    
                     		
 
                    Updating the description of a cluster
                    
+
                    Updating the description of a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    updateCluster
                    
+
                    updateCluster
                    
                     		
 
                    Upgrading a cluster
                    
+
                    Upgrading a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    clusterUpgrade
                    
+
                    clusterUpgrade
                    
                     		
 
                    Deleting a cluster
                    
+
                    Deleting a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    claimCluster/deleteCluster
                    
+
                    claimCluster/deleteCluster
                    
                     		
 
                    Downloading a cluster certificate
                    
+
                    Downloading a cluster certificate
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    getClusterCertByUID
                    
+
                    getClusterCertByUID
                    
                     		
 
                    Binding and unbinding an EIP
                    
+
                    Binding and unbinding an EIP
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    operateMasterEIP
                    
+
                    operateMasterEIP
                    
                     		
 
                    Waking up a cluster and resetting node management (V2)
                    
+
                    Waking up a cluster and resetting node management (V2)
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    operateCluster
                    
+
                    operateCluster
                    
                     		
 
                    Hibernating a cluster (V3)
                    
+
                    Hibernating a cluster (V3)
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    hibernateCluster
                    
+
                    hibernateCluster
                    
                     		
 
                    Waking up a cluster (V3)
                    
+
                    Waking up a cluster (V3)
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    awakeCluster
                    
+
                    awakeCluster
                    
                     		
 
                    Changing the specifications of a cluster
                    
+
                    Changing the specifications of a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    resizeCluster
                    
+
                    resizeCluster
                    
                     		
 
                    Modifying configurations of a cluster
                    
+
                    Modifying configurations of a cluster
                    
 
                    Cluster
                    
+
                    Cluster
                    
 
                    updateConfiguration
                    
+
                    updateConfiguration
                    
                     		
 
                    Creating a node pool
                    
+
                    Creating a node pool
                    
 
                    Node pool
                    
+
                    Node pool
                    
 
                    createNodePool
                    
+
                    createNodePool
                    
                     		
 
                    Updating a node pool
                    
+
                    Updating a node pool
                    
 
                    Node pool
                    
+
                    Node pool
                    
 
                    updateNodePool
                    
+
                    updateNodePool
                    
                     		
 
                    Deleting a node pool
                    
+
                    Deleting a node pool
                    
 
                    Node pool
                    
+
                    Node pool
                    
 
                    claimNodePool
                    
+
                    claimNodePool
                    
                     		
 
                    Migrating a node pool
                    
+
                    Migrating a node pool
                    
 
                    Node pool
                    
+
                    Node pool
                    
 
                    migrateNodepool
                    
+
                    migrateNodepool
                    
                     		
 
                    Modifying node pool configurations
                    
+
                    Modifying node pool configurations
                    
 
                    Node pool
                    
+
                    Node pool
                    
 
                    updateConfiguration
                    
+
                    updateConfiguration
                    
                     		
 
                    Creating a node
                    
+
                    Creating a node
                    
 
                    Node
                    
+
                    Node
                    
 
                    createNode
                    
+
                    createNode
                    
                     		
 
                    Deleting all the nodes from a specified cluster
                    
+
                    Deleting all the nodes from a specified cluster
                    
 
                    Node
                    
+
                    Node
                    
 
                    deleteAllHosts
                    
+
                    deleteAllHosts
                    
                     		
 
                    Deleting a single node
                    
+
                    Deleting a single node
                    
 
                    Node
                    
+
                    Node
                    
 
                    deleteOneHost/claimOneHost
                    
+
                    deleteOneHost/claimOneHost
                    
                     		
 
                    Updating the description of a node
                    
+
                    Updating the description of a node
                    
 
                    Node
                    
+
                    Node
                    
 
                    updateNode
                    
+
                    updateNode
                    
                     		
 
                    Creating an add-on instance
                    
+
                    Creating an add-on instance
                    
 
                    Add-on instance
                    
+
                    Add-on instance
                    
 
                    createAddonInstance
                    
+
                    createAddonInstance
                    
                     		
 
                    Deleting an add-on instance
                    
+
                    Deleting an add-on instance
                    
 
                    Add-on instance
                    
+
                    Add-on instance
                    
 
                    deleteAddonInstance
                    
+
                    deleteAddonInstance
                    
                     		
 
                    Uploading a chart
                    
+
                    Uploading a chart
                    
 
                    Chart
                    
+
                    Chart
                    
 
                    uploadChart
                    
+
                    uploadChart
                    
                     		
 
                    Updating a chart
                    
+
                    Updating a chart
                    
 
                    Chart
                    
+
                    Chart
                    
 
                    updateChart
                    
+
                    updateChart
                    
                     		
 
                    Deleting a chart
                    
+
                    Deleting a chart
                    
 
                    Chart
                    
+
                    Chart
                    
 
                    deleteChart
                    
+
                    deleteChart
                    
                     		
 
                    Creating a release
                    
+
                    Creating a release
                    
 
                    Release
                    
+
                    Release
                    
 
                    createRelease
                    
+
                    createRelease
                    
                     		
 
                    Upgrading a release
                    
+
                    Upgrading a release
                    
 
                    Release
                    
+
                    Release
                    
 
                    updateRelease
                    
+
                    updateRelease
                    
                     		
 
                    Deleting a release
                    
+
                    Deleting a release
                    
 
                    Release
                    
+
                    Release
                    
 
                    deleteRelease
                    
+
                    deleteRelease
                    
                     		
 
                    Creating a ConfigMap
                    
+
                    Creating a ConfigMap
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createConfigmaps
                    
+
                    createConfigmaps
                    
                     		
 
                    Creating a DaemonSet
                    
+
                    Creating a DaemonSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createDaemonsets
                    
+
                    createDaemonsets
                    
                     		
 
                    Creating a Deployment
                    
+
                    Creating a Deployment
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createDeployments
                    
+
                    createDeployments
                    
                     		
 
                    Creating an event
                    
+
                    Creating an event
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createEvents
                    
+
                    createEvents
                    
                     		
 
                    Creating an Ingress
                    
+
                    Creating an Ingress
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createIngresses
                    
+
                    createIngresses
                    
                     		
 
                    Creating a job
                    
+
                    Creating a job
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createJobs
                    
+
                    createJobs
                    
                     		
 
                    Creating a namespace
                    
+
                    Creating a namespace
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createNamespaces
                    
+
                    createNamespaces
                    
                     		
 
                    Creating a node
                    
+
                    Creating a node
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createNodes
                    
+
                    createNodes
                    
                     		
 
                    Creating a PersistentVolumeClaim
                    
+
                    Creating a PersistentVolumeClaim
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createPersistentvolumeclaims
                    
+
                    createPersistentvolumeclaims
                    
                     		
 
                    Creating a pod
                    
+
                    Creating a pod
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createPods
                    
+
                    createPods
                    
                     		
 
                    Creating a replica set
                    
+
                    Creating a replica set
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createReplicasets
                    
+
                    createReplicasets
                    
                     		
 
                    Creating a resource quota
                    
+
                    Creating a resource quota
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createResourcequotas
                    
+
                    createResourcequotas
                    
                     		
 
                    Creating a secret
                    
+
                    Creating a secret
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createSecrets
                    
+
                    createSecrets
                    
                     		
 
                    Creating a service
                    
+
                    Creating a service
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createServices
                    
+
                    createServices
                    
                     		
 
                    Creating a StatefulSet
                    
+
                    Creating a StatefulSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createStatefulsets
                    
+
                    createStatefulsets
                    
                     		
 
                    Creating a volume
                    
+
                    Creating a volume
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createVolumes
                    
+
                    createVolumes
                    
                     		
 
                    Deleting a ConfigMap
                    
+
                    Deleting a ConfigMap
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteConfigmaps
                    
+
                    deleteConfigmaps
                    
                     		
 
                    Deleting a DaemonSet
                    
+
                    Deleting a DaemonSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteDaemonsets
                    
+
                    deleteDaemonsets
                    
                     		
 
                    Deleting a Deployment
                    
+
                    Deleting a Deployment
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteDeployments
                    
+
                    deleteDeployments
                    
                     		
 
                    Deleting an event
                    
+
                    Deleting an event
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteEvents
                    
+
                    deleteEvents
                    
                     		
 
                    Deleting an Ingress
                    
+
                    Deleting an Ingress
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteIngresses
                    
+
                    deleteIngresses
                    
                     		
 
                    Deleting a job
                    
+
                    Deleting a job
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteJobs
                    
+
                    deleteJobs
                    
                     		
 
                    Deleting a namespace
                    
+
                    Deleting a namespace
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteNamespaces
                    
+
                    deleteNamespaces
                    
                     		
 
                    Deleting a node
                    
+
                    Deleting a node
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteNodes
                    
+
                    deleteNodes
                    
                     		
 
                    Deleting a Pod
                    
+
                    Deleting a Pod
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deletePods
                    
+
                    deletePods
                    
                     		
 
                    Deleting a replica set
                    
+
                    Deleting a replica set
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteReplicasets
                    
+
                    deleteReplicasets
                    
                     		
 
                    Deleting a resource quota
                    
+
                    Deleting a resource quota
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteResourcequotas
                    
+
                    deleteResourcequotas
                    
                     		
 
                    Deleting a secret
                    
+
                    Deleting a secret
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteSecrets
                    
+
                    deleteSecrets
                    
                     		
 
                    Deleting a service
                    
+
                    Deleting a service
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteServices
                    
+
                    deleteServices
                    
                     		
 
                    Deleting a StatefulSet
                    
+
                    Deleting a StatefulSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteStatefulsets
                    
+
                    deleteStatefulsets
                    
                     		
 
                    Deleting volumes
                    
+
                    Deleting volumes
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteVolumes
                    
+
                    deleteVolumes
                    
                     		
 
                    Replacing a specified ConfigMap
                    
+
                    Replacing a specified ConfigMap
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateConfigmaps
                    
+
                    updateConfigmaps
                    
                     		
 
                    Replacing a specified DaemonSet
                    
+
                    Replacing a specified DaemonSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateDaemonsets
                    
+
                    updateDaemonsets
                    
                     		
 
                    Replacing a specified Deployment
                    
+
                    Replacing a specified Deployment
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateDeployments
                    
+
                    updateDeployments
                    
                     		
 
                    Replacing a specified event
                    
+
                    Replacing a specified event
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateEvents
                    
+
                    updateEvents
                    
                     		
 
                    Replacing a specified ingress
                    
+
                    Replacing a specified ingress
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateIngresses
                    
+
                    updateIngresses
                    
                     		
 
                    Replacing a specified job
                    
+
                    Replacing a specified job
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateJobs
                    
+
                    updateJobs
                    
                     		
 
                    Replacing a specified namespace
                    
+
                    Replacing a specified namespace
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateNamespaces
                    
+
                    updateNamespaces
                    
                     		
 
                    Replacing a specified node
                    
+
                    Replacing a specified node
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateNodes
                    
+
                    updateNodes
                    
                     		
 
                    Replacing a specified PersistentVolumeClaim
                    
+
                    Replacing a specified PersistentVolumeClaim
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updatePersistentvolumeclaims
                    
+
                    updatePersistentvolumeclaims
                    
                     		
 
                    Replacing a specified pod
                    
+
                    Replacing a specified pod
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updatePods
                    
+
                    updatePods
                    
                     		
 
                    Replacing a specified replica set
                    
+
                    Replacing a specified replica set
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateReplicasets
                    
+
                    updateReplicasets
                    
                     		
 
                    Replacing a specified resource quota
                    
+
                    Replacing a specified resource quota
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateResourcequotas
                    
+
                    updateResourcequotas
                    
                     		
 
                    Replacing a specified secret
                    
+
                    Replacing a specified secret
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateSecrets
                    
+
                    updateSecrets
                    
                     		
 
                    Replacing a specified service
                    
+
                    Replacing a specified service
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateServices
                    
+
                    updateServices
                    
                     		
 
                    Replacing a specified StatefulSet
                    
+
                    Replacing a specified StatefulSet
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateStatefulsets
                    
+
                    updateStatefulsets
                    
                     		
 
                    Replacing the specified status
                    
+
                    Replacing the specified status
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateStatus
                    
+
                    updateStatus
                    
                     		
 
                    Uploading a chart
                    
+
                    Uploading a chart
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    uploadChart
                    
+
                    uploadChart
                    
                     		
 
                    Updating a component template
                    
+
                    Updating a component template
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateChart
                    
+
                    updateChart
                    
                     		
 
                    Deleting a chart
                    
+
                    Deleting a chart
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteChart
                    
+
                    deleteChart
                    
                     		
 
                    Creating a template application
                    
+
                    Creating a template application
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    createRelease
                    
+
                    createRelease
                    
                     		
 
                    Updating a template application
                    
+
                    Updating a template application
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    updateRelease
                    
+
                    updateRelease
                    
                     		
 
                    Deleting a template application
                    
+
                    Deleting a template application
                    
 
                    Kubernetes resource
                    
+
                    Kubernetes resource
                    
 
                    deleteRelease
                    
+
                    deleteRelease
                    
                     		
 
                    
                     
 
                    Master Nodes
                    
                     		
 
                    Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler.
                    
-
                    • 3 Masters: Three master nodes will be created for high cluster availability.
                    • Single: Only one master node will be created in your cluster.
                    
-
                    You can also select AZs for the master nodes. By default, AZs are allocated automatically for the master nodes.
                    • Automatic: Master nodes are randomly distributed in different AZs for cluster DR. If there are not enough AZs available, CCE will prioritize assigning nodes in AZs with enough resources to ensure cluster creation. However, this may result in AZ-level DR not being guaranteed.
                    • Custom: Master nodes are deployed in specific AZs.
                      If there is one master node in your cluster, you can select one AZ for the master node. If there are multiple master nodes in your cluster, you can select multiple AZs for the master nodes.
                      • AZ: Master nodes are deployed in different AZs for cluster DR.
                      • Host: Master nodes are deployed on different hosts in the same AZ for cluster DR.
                      • Custom: Master nodes are deployed in the AZs you specified.
                      
+
                      • Multiple: Three master nodes will be created for high cluster availability.
                      • Single: Only one master node will be created in your cluster.
                         NOTE: 
                        • If more than half of the master nodes in a cluster are faulty, the cluster will not run properly. 
                        
+
                        
+
                      
+
                      You can also select AZs for deploying the master nodes of a specific cluster. By default, AZs are allocated automatically for the master nodes.
                      • Automatic: Master nodes are randomly distributed in different AZs for cluster DR. If the number of available AZs is less than the number of nodes to be created, CCE will create the nodes in the AZs with sufficient resources to preferentially ensure cluster creation. In this case, AZ-level DR may not be ensured.
                      • Custom: Master nodes are deployed in specific AZs.
                        If there is one master node in your cluster, you can select one AZ for the master node. If there are multiple master nodes in your cluster, you can select multiple AZs for the master nodes.
                        • AZ: Master nodes are deployed in different AZs for cluster DR.
                        • Host: Master nodes are deployed on different hosts in the same AZ for cluster DR.
                        • Custom: Master nodes are deployed in the AZs you specified.
                        
 
                        
 
                      
 
                      
@@ -54,7 +56,7 @@
 
                      Network Settings
                      
 
                      The network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.
                      
 
-
                      Table 1 Network settings
                      Parameter
                      
+
                      
@@ -65,12 +67,12 @@
 
-
-
                      Table 1 Cluster network settings
                      Parameter
                      
                       		
 
                      Description
                      
 
                      Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after the cluster is created.
                      
                       		
 
                      Subnet
                      
+
                      Node Subnet
                      
                       		
 
                      Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created.
                      
                       		
 
                      Default Security Group
                      
+
                      Default Node Security Group
                      
                       		
 
                      Select the security group automatically generated by CCE or use the existing one as the default security group of the node.
                       NOTICE: 
                      The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see Configuring Cluster Security Group Rules.
                      
 
                      
@@ -87,7 +89,7 @@
 
                      
 
                      
 
-
                      Table 2 Network settings
                      Parameter
                      
+
                      
@@ -100,21 +102,28 @@
 
                      For more information about their differences, see Overview.
                      
-
-
-
-
+
+
+
                      Table 2 Container network settings
                      Parameter
                      
                       		
 
                      Description
                      
                       		
 
 
                      Container CIDR Block (configured for CCE standard clusters)
                      
+
                      Container CIDR Block
                      
 
                      Configure the CIDR block used by containers. The value determines the maximum number of containers in your cluster. 
                      
+
                      Specify the CIDR block for containers, which determines the maximum number of containers allowed in the cluster. This parameter is available only for CCE standard clusters. 
                      
                       		
 
                      Default Pod Subnet (configured for CCE Turbo clusters)
                      
+
                      Pod Subnet
                      
 
                      Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created.
                      
+
                      Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. This parameter is available only for CCE Turbo clusters. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created.
                      
+
                      Default Security Group
                      
+
                      Select the security group automatically generated by CCE or use the existing one as the default security group of the containers.
                       NOTICE: 
                      The default security group of containers must allow access from specified ports to ensure proper communication between containers in the cluster. For details about how to configure security group ports, see How Can I Configure a Security Group Rule in a Cluster?
                      
+
                      
+
                      
                       		
 
                      
 
 
                      
 
                      
 
-
                      Table 3 Service network
                      Parameter
                      
+
                      
@@ -147,7 +156,12 @@
 
-
+
+
+
-
-
-
+
+
+
+
+
+
+
+
+
-
-
-
-
@@ -263,19 +282,14 @@
 
                      Table 3 Service network settings
                      Parameter
                      
                       		
 
                      Description
                      
                       		
 
                      
 
                      Certificate Authentication
                      
+
                      IAM Authentication
                      
+
                      CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters.
                      
+
                      Certificate Authentication
                      
                       		
 
                      • If Automatically generated is selected, the X509-based authentication mode will be enabled by default. X509 is a commonly used certificate format.
                      • If Bring your own is selected, the cluster can identify users based on the header in the request body for authentication.
                        Upload your CA root certificate, client certificate, and private key.
                        
 
                         CAUTION: 
                        • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
                        • The validity period of the client certificate must be longer than five years.
                        • The uploaded CA root certificate is used by the authentication proxy and for configuring the kube-apiserver aggregation layer. If any of the uploaded certificates is invalid, the cluster cannot be created. 
                        • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. The certificate authentication generated using the SHA256 algorithm is supported instead.
                        
@@ -160,11 +174,6 @@
 
                      If enabled, exclusive CPU cores can be allocated to workload pods. For details, see CPU Policy.
                      
                       		
 
                      Overload Control
                      
-
                      After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.
                      
-
                      
 
                      Disk Encryption for Master Nodes
                      
                       		
 
                      If enabled, dynamic data and static data on disks can be encrypted, providing powerful security protection for your data.
                      
@@ -172,10 +181,25 @@
 
                      This function is available only for clusters of v1.25 or later.
                      
                       		
 
                      Overload Control
                      
+
                      After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.
                      
+
                      Cluster Deletion Protection
                      
+
                      A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE. You can modify the function status in the cluster Settings after creating it.
                      
+
                      Time Zone
                      
+
                      The cluster's scheduled tasks and nodes are subject to the chosen time zone.
                      
+
                      
 
                      Resource Tag
                      
                       		
 
                      You can add resource tags to classify resources. A maximum of 20 resource tags can be added.
                      
-
                      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                      
+
                      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                      
                       		
 
                      
 
                      Description
                      
@@ -221,12 +245,7 @@
 
 
                      
 
                      Cloud Native Cluster Monitoring
                      
-
                      (Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created.
                      
-
                      CCE Node Problem Detector
                      
+
                      CCE Node Problem Detector
                      
                       		
 
                      (Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.
                      
 
                      
 
                      
 
                      
-
                      Observability
+
                      Observability
 
                      
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0031.html b/docs/cce/umn/cce_10_0031.html
index 4eb6b617f..82e33eddc 100644
--- a/docs/cce/umn/cce_10_0031.html
+++ b/docs/cce/umn/cce_10_0031.html
@@ -14,6 +14,8 @@
 
                    • Deleting a Cluster
                      
 
                      • 
+
                    • Preventing Cluster Deletion
                      
+
                    • Hibernating or Waking Up a Cluster
                      
 
                      • 
diff --git a/docs/cce/umn/cce_10_0034.html b/docs/cce/umn/cce_10_0034.html
index 4a131af41..a244294fb 100644
--- a/docs/cce/umn/cce_10_0034.html
+++ b/docs/cce/umn/cce_10_0034.html
@@ -4,71 +4,160 @@
 
                      Introduction
                      Kubernetes uses kube-proxy to expose Services and provide load balancing. The implementation is at the transport layer. When it comes to Internet applications, where a bucket-load of information is generated, forwarding needs to be more fine-grained, precisely and flexibly controlled by policies and load balancers to deliver higher performance.
                      
 
                      This is where ingresses enter. Ingresses provide application-layer forwarding functions, such as virtual hosts, load balancing, SSL proxy, and HTTP routing, for Services that can be directly accessed outside a cluster.
                      
 
                      Kubernetes has officially released the Nginx-based Ingress controller. CCE Nginx Ingress controller directly uses community templates and images. The NGINX Ingress Controller generates Nginx configuration and stores the configuration using ConfigMap. The configuration will be written to Nginx pods through the Kubernetes API. In this way, the Nginx configuration is modified and updated. For details, see How the Add-on Works.
                      
-
                      You can visit the open source community for more information.
                      
-
                       
                      • Starting from version 2.3.3, NGINX Ingress Controller only supports TLS v1.2 and v1.3 by default. If the TLS version is earlier than v1.2, an error will occur during the negotiation process between the client and Nginx Ingress. If more versions of TLS are needed, see TLS/HTTPS.
                      • When installing the NGINX Ingress Controller, you can specify Nginx parameters. These parameters take effect globally and are contained in the nginx.conf file. You can search for the parameters in ConfigMaps. If the parameters are not included in ConfigMaps, the configurations will not take effect.
                      • Do not manually modify or delete the load balancer and listener that are automatically created by CCE. Otherwise, the workload will be abnormal. If you have modified or deleted them by mistake, uninstall the nginx-ingress add-on and re-install it.
                      
+
                      Open source community: https://github.com/kubernetes/ingress-nginx
                      
+
                       
                      • Starting from version 2.3.3, NGINX Ingress Controller only supports TLS v1.2 and v1.3 by default. If the TLS version is earlier than v1.2, an error will occur during the negotiation process between the client and Nginx Ingress. If more versions of TLS are needed, see TLS/HTTPS.
                      • When installing the NGINX Ingress Controller, you can specify Nginx parameters. These parameters take effect globally and are contained in the nginx.conf file. You can search for the parameters in ConfigMaps. If the parameters are not included in ConfigMaps, the configurations will not take effect.
                      • Do not manually modify or delete the load balancer and listener that are automatically created by CCE. Otherwise, the workload will be abnormal. If you have modified or deleted them by mistake, uninstall the nginx-ingress add-on and re-install it.
                      
 
                      
 
                      
 
                      How the Add-on Works
                      NGINX Ingress Controller consists of the ingress object, ingress controller, and Nginx. The ingress controller assembles ingresses into the Nginx configuration file (nginx.conf) and reloads Nginx to make the changed configurations take effect. When it detects that the pod in a Service changes, it dynamically changes the upstream server group configuration of Nginx. In this case, the Nginx process does not need to be reloaded. Figure 1 shows how this add-on works.
                      
 
                      • An ingress is a group of access rules that forward requests to specified Services based on domain names or URLs. Ingresses are stored in the object storage service etcd and are added, deleted, modified, and queried through APIs.
                      • The ingress controller monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time and automatically performs operations on Nginx.
                      • Nginx implements load balancing and access control at the application layer.
                      
-
                      Figure 1 Working principles of NGINX Ingress Controller
                      
+
                      Figure 1 Working principles of NGINX Ingress Controller
                      
 
                      
-
                      Precautions
                      • For clusters earlier than v1.23, kubernetes.io/ingress.class: "nginx" must be added to the annotation of the ingress created through the API. 
                      • Dedicated load balancers must be the network type (TCP/UDP) supporting private networks (with a private IP).
                      • If the node where NGINX Ingress Controller runs and containers on this node cannot access Nginx ingress, you need to configure anti-affinity for the workload pods and Nginx Ingress Controller. For details, see Configuring Anti-affinity Between a Workload and Nginx Ingress Controller.
                      • During the NGINX Ingress Controller pod upgrade, 10s are reserved for deleting the NGINX Ingress Controller at the ELB backend.
                      • The timeout duration for the graceful exit of the NGINX Ingress Controller is 300s. If the timeout duration is longer than 300s during the upgrade of the NGINX Ingress Controller, persistent connections will be disconnected, and connectivity will be interrupted for a short period of time.
                      
+
                      Precautions
                      • For clusters earlier than v1.23, kubernetes.io/ingress.class: "nginx" must be added to the annotation of the ingress created through the API. 
                      • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address).
                      • If the node where NGINX Ingress Controller runs and containers on this node cannot access Nginx ingress, you need to configure anti-affinity for the workload pods and Nginx Ingress Controller. For details, see Configuring Anti-affinity Between a Workload and Nginx Ingress Controller.
                      • During the NGINX Ingress Controller pod upgrade, 10s are reserved for deleting the NGINX Ingress Controller at the ELB backend.
                      • The timeout duration for the graceful exit of the NGINX Ingress Controller is 300s. If the timeout duration is longer than 300s during the upgrade of the NGINX Ingress Controller, persistent connections will be disconnected, and connectivity will be interrupted for a short period of time.
                      
 
                      
 
                      Prerequisites
                      Before installing this add-on, you have one available cluster and there is a node running properly. If no cluster is available, create one according to Creating a CCE Standard/Turbo Cluster.
                      
 
                      
-
                      Installing the Add-on
                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate NGINX Ingress Controller on the right, and click Install.
                      2. On the Install Add-on page, configure the specifications.
                        
-
                      Add-on Name
                      
                       		
 
                      Description
                      
                       		
 
                      
 
                      Cloud Native Cluster Monitoring
                      
-
                      Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one.
                      
-
                      CCE Node Problem Detector
                      
+
                      CCE Node Problem Detector
                      
                       		
 
                      This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
                      
                       		
 
 
 
                      Table 1 Add-on configuration
                      Parameter
                      
+
                      Installing the Add-on
                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate NGINX Ingress Controller on the right, and click Install.
                      2. On the Install Add-on page, configure the specifications as needed.
                        You can adjust the number of add-on instances and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                        
+
                      3. Configure the add-on parameters.
                        • Ingress Class: Enter a custom controller name, which uniquely identifies an Ingress controller. The name of each controller in the same cluster must be unique and cannot be set to cce. (cce is the unique identifier of the ELB Ingress Controller.) When creating an Ingress, you can specify the controller name to declare which controller should manage this Ingress.
                        • Namespace for add-on installation: Select a namespace for the ingress controller.
                        • Load Balancer: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.
                        • Admission Check: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. For details about admission verification, see Access Control.
                           
                          • Admission check slows down the responses to Ingress requests.
                          • Only add-ons of version 2.4.1 or later support admission verification.
                          
+
                          
+
                        • Nginx Parameters: You can configure the nginx.conf file, which will affect all managed ingresses. You can select GUI or YAML. GUI is supported by the NGINX Ingress Controller of version 2.2.75, 2.6.26, 3.0.1, or later.
                          To configure custom parameters supported by the Kubernetes community, choose YAML and find the related parameters in ConfigMaps. For example, you can use the keep-alive-requests parameter to describe how to set the maximum number of requests for keeping active connections to 100.
                          
+
                          {
+    "keep-alive-requests": "100"
+}
                          
+
                           
                          • If the parameters you configure are not listed in ConfigMaps, the configurations will not take effect.
                          • The parameter value must be a string. Otherwise, the installation fails.
                          
+
                          
+
                          The table below shows parameters can be configured on the GUI of the NGINX Ingress Controller add-on of version 2.2.75, 2.6.26, 3.0.1, and later.
+
                          
-
+
-
-
+
-
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                          Nginx Parameter
                          
 
                          Description
                          
+
                          Description
                          
+
                          Default Value
                          
                           		
 
                          
 
                          Add-on Specifications
                          
+
                          Maximum Worker Connections
                          
 
                          Nginx Ingress can be deployed based on customized resource specifications.
                          
+
                          Specifies the maximum number of connections that can be concurrently processed by each NGINX worker process. This parameter is used to control the load of worker processes. In a high-concurrency environment, you are advised to set this parameter to a large value to ensure system stability. Such connections include client connections and connections to backend servers.
                          
+
                          65536
                          
                           		
 
                          Pods
                          
+
                          Maximum Keepalive Requests
                          
 
                          You can adjust the number of add-on instances as required.
                          
-
                          High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                          
+
                          Controls how many requests can be processed by a keepalive connection. If requests exhaust the limit, the connection is closed.
                          
+
                          100
                          
                           		
 
                          Containers
                          
+
                          Maximum Keepalive Connection to the Upstream Server
                          
 
                          You can adjust the container specifications of an add-on instance as required.
                          
+
                          Activates the cache connected to an upstream server. This parameter sets how many idle keepalive connections can be stored in the cache of each worker process. If the idle connections stored in a process exhaust the limit, the connections that are not used for the longest time will be closed.
                          
+
                          320
                          
+
                          Maximum Keepalive Timeout of the Upstream Server
                          
+
                          Specifies the timeout interval (in seconds) of the keepalive connections between the upstream server and backend server. During this period, NGINX Ingress Controller can maintain connections for reuse. This reduces the overhead required for establishing new connections and significantly improves performance in high QPS scenarios.
                          
+
                          900
                          
+
                          Request Timeout
                          
+
                          Specifies the timeout interval (in seconds) for establishing a connection between a client and the proxy server. If the backend server cannot be accessed within 10 seconds, NGINX Ingress Controller will return the 502 Bad Gateway error. It applies to scenarios where the connection speed is high.
                          
+
                          10
                          
+
                          Maximum Request Body Size
                          
+
                          Specifies the maximum size of a request body that can be accepted by the Nginx proxy when it sends the request to the backend server. This value limits the size of a file to be uploaded or a big data table to be submitted. If the size of any request body exceeds the limit, the 413 Payload Too Large error will be returned.
                          
+
                          20m
                          
+
                          Allow the Backend to Return Server Headers
                          
+
                          Typically, NGINX Ingress Controller eliminates the server header information sent by a backend server to a client, which identifies the server. However, if this parameter is set to true, the NGINX Ingress Controller will transmit the server header information directly from the backend server to the client. To prevent revealing the server type and version, it is recommended that you disable this feature.
                          
+
                          Disable
                          
+
                          Allow Underscores in Headers
                          
+
                          Some HTTP headers may contain underscores (_), such as X_Custom-Header, but this is not recommended according to Request For Comments (RFC) standards. So underscores are not allowed by many servers by default. You can activate this parameter if you require underscores in certain headers, such as when third-party services or clients use underscores in their header information.
                          
+
                          Disable
                          
+
                          Generate a Request ID
                          
+
                          After a request is received, NGINX Ingress Controller generates a unique request ID. This ID is usually recorded in logs or transferred to a backend server through header information. This is useful for tracing and debugging requests, especially for locating problems in distributed systems.
                          
+
                          Enable
                          
+
                          Ignore Invalid Headers
                          
+
                          By default, NGINX Ingress Controller rejects HTTP requests that contain an invalid header. With this setting enabled, NGINX Ingress Controller will ignore invalid headers and keep on processing requests. It is useful for clients that do not fully comply with the HTTP standard.
                          
+
                          Enable
                          
+
                          Reuse Ports
                          
+
                          Enabling SO_REUSEPORT allows multiple processes or threads to be bound to the same {IP}:{Port}. This can effectively improve the concurrent performance of servers, especially for those with multi-core CPUs. With this function enabled, a port can accept more new connections.
                          
+
                          Enable
                          
+
                          Allow Server Information in Request Body
                          
+
                          Disables the server information added to a response header by NGINX Ingress Controller by default. The information usually contains the NGINX version. Disabling this option helps hide server information, enhancing security and preventing attackers from using version information to attack the system.
                          
+
                          Disable
                          
+
                          Automatically Redirect HTTP to HTTPS
                          
+
                          Disables automatic redirection from HTTP to HTTPS. For example, if you want to use HTTPS only for specific pages, such as the login page, and HTTP for other pages, you can disable the default redirection using this option.
                          
+
                          Disable
                          
+
                          CPU Affinity of Worker Threads
                          
+
                          Automatically allocates worker processes to specific CPU cores to improve the performance of multi-core systems. For example, on a multi-core server, some worker processes can be bound on a specific CPU core. This reduces context switching and improves processing efficiency.
                          
+
                          Auto
                          
                           		
 
                          
                           
 
                          
 
                          
-
                        • Configure the add-on parameters.
                          • Ingress Class: Enter a custom controller name, which uniquely identifies an Ingress controller. The name of each controller in the same cluster must be unique and cannot be set to cce. (cce is the unique identifier of the ELB Ingress Controller.) When creating an Ingress, you can specify the controller name to declare which controller should manage this Ingress.
                          • Namespace: Select a namespace where the ingress controller is in.
                          • Load Balancer: Select a shared or dedicated load balancer. If no load balancer is available, create one. The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.
                          • Admission Check: Admission control is performed on Ingresses to ensure that the controller can generate valid configurations. Admission verification is performed on the configuration of Nginx Ingresses. If the verification fails, the request will be intercepted. For details about admission verification, see Access Control.
                             
                            • Admission check slows down the responses to Ingress requests.
                            • Only add-ons of version 2.4.1 or later support admission verification.
                            
-
                            
-
                          • Nginx Parameters: Configuring the nginx.conf file will affect all managed ingresses. You can search for related parameters through ConfigMaps. If the parameters you configured are not included in the options listed in the ConfigMaps, the parameters will not take effect.
                            For example, you can use the keep-alive-requests parameter to describe how to set the maximum number of requests for keeping active connections to 100.
                            
-
                            {
-    "keep-alive-requests": "100"
-}
                            
-
                          • Enabling Indicator Collection: If the add-on version is 2.4.12 or later, Prometheus monitoring metrics can be collected. 
                          • Default server certificate: Select an IngressTLS or kubernetes.io/tls key to configure the default certificate when an Nginx Ingress Controller is started. If no secret is available, click Create TLS Secret. For details, see Creating a Secret. For details about the default server certificate, see Default SSL Certificate.
                          • 404 Service: By default, the 404 service provided by the add-on is used. To customize the 404 service, enter the namespace/service name. If the service does not exist, the add-on installation will fail.
                          • Adding a TCP/UDP Service: By default, Nginx Ingress Controller can forward only external HTTP and HTTPS traffic. You can add TCP/UDP port mapping to forward external TCP/UDP traffic to services in the cluster. For more information about adding TCP/UDP services, see Exposing TCP and UDP services.
                            • Protocol: Select TCP or UDP.
                            • Service Port: specifies the port used by the ELB listener. The port number ranges from 1 to 65535.
                            • Target Service Namespace: Select the namespace where the Service is in.
                            • Destination Service: Select an existing Service. Any services that do not match the search criteria will be filtered out automatically.
                            • Destination Service Port: Select the access port of the destination Service.
                            
+
                      
+
                    • Enabling Indicator Collection: If the add-on version is 2.4.12 or later, Prometheus monitoring metrics can be collected. 
                    • Default certificate of the server: Select an IngressTLS or kubernetes.io/tls key to configure the default certificate when the NGINX Ingress Controller is started. If no secret is available, click Create TLS Secret. For details, see Creating a Secret. For details about the default server certificate, see Default SSL Certificate.
                    • 404 Service: By default, the 404 service provided by the add-on is used. To customize the 404 service, enter the namespace/service name. If the service does not exist, the add-on installation will fail.
                    • Adding a TCP/UDP Service: By default, Nginx Ingress Controller can forward only external HTTP and HTTPS traffic. You can add TCP/UDP port mapping to forward external TCP/UDP traffic to services in the cluster. For more information about adding TCP/UDP services, see Exposing TCP and UDP services.
                      • Protocol: Select TCP or UDP.
                      • Service Port: specifies the port used by the ELB listener. The port number ranges from 1 to 65535.
                      • Target Service Namespace: Select the namespace where the Service is in.
                      • Destination Service: Select an existing Service. Any Services that do not match the search criteria will be filtered out automatically.
                      • Destination Service Port: Select the access port of the destination Service.
                      
 
                       
                      • If the cluster version is v1.19.16-r5, v1.21.8-r0, v1.23.6-r0, or later, the TCP/UDP hybrid protocols can be configured.
                      • If the cluster version is v1.19.16-r5, v1.21.8-r0, v1.23.6-r0, v1.25.2-r0, or later, you can configure the TCP/UDP hybrid protocols to use the same external port.
                      
 
                      
+
                    • (Optional) Extended Parameter Settings: additional extended parameters of the add-on If the extended parameter settings conflict with the default settings, the extended parameter settings will be prioritized.
                      • extraArgs: additional configurable startup parameters of the nginx-ingress-controller component. For details about the startup parameters supported by the community, see the documentation.
                      • extraInitContainers: initial container configuration of nginx-ingress-controller. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8 and later, with optimized kernel settings by default.
                      • maxmindLicenseKey: Maxmind license key, which can be used to download GeoLite2 databases. This parameter is supported by add-on 2.2.82, 2.6.32, 3.0.8, and later. It is mandatory for NGINX Ingress Controller to configure the use-geoip2 capability.
                      
 
                      • 
-
                    • Configure scheduling policies for the add-on.
                       
                      • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                      • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                      
+
                    • Configure deployment policies for the add-on pods.
                       
                      • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                      • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                      
 
                      
 
-
                      Table 2 Configurations for add-on scheduling
                      Parameter
                      
+
                      
-
-
-
@@ -84,29 +173,29 @@
 
                    • Click Install.
                      • 
-
                      Installing Multiple Nginx Ingress Controllers
                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate the installed Nginx Ingress Controller, and click New.
                      2. On the page displayed, reconfigure the add-on parameters. For details, see Installing the Add-on.
                      3. Click Install.
                      4. Wait until the installation instruction is delivered. Go back to Add-ons, click Manage, and view the installed add-on instance on the add-on details page.
                      
+
                      Installing Multiple NGINX Ingress Controllers
                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate the installed Nginx Ingress Controller, and click New.
                      2. On the page displayed, reconfigure the add-on parameters. For details, see Installing the Add-on.
                      3. Click Install.
                      4. Wait until the installation instruction is delivered. Go back to Add-ons, click Manage, and view the installed add-on instance on the add-on details page.
                      
 
                      
 
                      Components
                      
-
                      Table 1 Configurations for add-on scheduling
                      Parameter
                      
                       		
 
                      Description
                      
                       		
 
                      
 
                      Multi AZ
                      
+
                      Multi-AZ Deployment
                      
 
                      • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                      • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                      • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                      
+
                      • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                      • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                      • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                      
                       		
 
                      
 
                      Node Affinity
                      
 
                      • Not configured: Node affinity is disabled for the add-on.
                      • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                      • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                      • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                        If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                        
+
                      • Not configured: Node affinity is disabled for the add-on.
                      • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                      • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                      • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                        If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                        
 
                      
                       		
 
                      
 
 
                      Table 3 Add-on components
                      Component
                      
+
                      
-
-
-
-
-
@@ -155,27 +244,53 @@ spec:
                 - kube-system              topologyKey: kubernetes.io/hostname
-
                      Change History
                      
-
                      Table 2 Add-on components
                      Component
                      
 
                      Description
                      
+
                      Description
                      
                       		
 
                      Resource Type
                      
                       		
 
                      
 
                      cceaddon-nginx-ingress-<Controller name>-controller
                      
+
                      cceaddon-nginx-ingress-<Controller name>-controller
                      
 
                      (The controller name in versions earlier than 2.5.4 is cceaddon-nginx-ingress-controller.)
                      
 
                      Nginx Ingress controller, which provides flexible routing and forwarding for clusters
                      
+
                      Nginx Ingress controller, which provides flexible routing and forwarding for clusters
                      
                       		
 
                      Deployment
                      
                       		
 
                      cceaddon-nginx-ingress-<Controller name>-backend
                      
+
                      cceaddon-nginx-ingress-<Controller name>-backend
                      
 
                      (The controller name in versions earlier than 2.5.4 is cceaddon-nginx-ingress-default-backend.)
                      
 
                      Default backend of Nginx Ingress. The message "default backend - 404" is returned.
                      
+
                      Default backend of Nginx Ingress. The message "default backend - 404" is returned.
                      
                       		
 
                      Deployment
                      
                       		
 
 
                      Table 4 Release history for NGINX Ingress Controller 2.6.x
                      Add-on Version
                      
+
                      Change History
                      
+
                      
-
-
-
-
-
+
+
+
+
+
                      Table 3 Release history for NGINX Ingress Controller 3.0.x
                      Add-on Version
                      
 
                      Supported Cluster Version
                      
+
                      Supported Cluster Version
                      
 
                      New Feature
                      
+
                      New Feature
                      
 
                      Community Version
                      
+
                      Community Version
                      
                       		
 
                      
 
                      2.6.5
                      
+
                      3.0.8
                      
 
                      v1.25
                      
+
                      v1.27
                      
+
                      v1.28
                      
+
                      v1.29
                      
+
                      v1.30
                      
+
                      • Updated the add-on to its community version v1.11.2.
                      • Fixed the CVE-2024-7646 vulnerability.
                      
+
                      1.11.2
                      
+
                      
+
                      
+
+
                      
+
+
+
+
+
+
+
-
-
diff --git a/docs/cce/umn/cce_10_00356.html b/docs/cce/umn/cce_10_00356.html
index 77ff2edca..bdffd4c97 100644
--- a/docs/cce/umn/cce_10_00356.html
+++ b/docs/cce/umn/cce_10_00356.html
@@ -3,6 +3,8 @@
 
                      Logging In to a Container
                      Scenario
                      If you encounter unexpected problems when using a container, you can log in to the container to debug it.
                      
 
                      
+
                      Notes and Constraints
                      When using CloudShell to access a CCE cluster or container, you can open a maximum of 15 instances simultaneously.
                      
+
                      
 
                      Using kubectl
                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                      2. Run the following command to view the created pod:
                        kubectl get pod
                        
 
                        The example output is as follows:
                        NAME                               READY   STATUS    RESTARTS       AGE
 nginx-59d89cb66f-mhljr             1/1     Running   0              11m
                        
diff --git a/docs/cce/umn/cce_10_0036.html b/docs/cce/umn/cce_10_0036.html
index 194759387..d2c3a7ac8 100644
--- a/docs/cce/umn/cce_10_0036.html
+++ b/docs/cce/umn/cce_10_0036.html
@@ -3,10 +3,9 @@
 
                        Stopping a Node
                        
 
                        Scenario
                        When a node in the cluster is stopped, all services on that node will also be stopped, and the node will no longer be available for scheduling. Check if your services will be affected before stopping a node.
                        
 
                        
-
                        Precautions
                        • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                        • Unexpected risks may occur during the operation. Back up data beforehand.
                        
+
                        Precautions
                        • Stopping a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                        • Unexpected risks may occur during the operation. Back up data beforehand.
                        
 
                        
-
                        Procedure
                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                        3. Locate the target node and click its name.
                        4. In the upper right corner of the ECS details page, click Stop. In the displayed dialog box, click Yes.
                          Figure 1 ECS details page
                          
-
                        
+
                        Procedure
                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                        3. Locate the target node and click its name.
                        4. In the upper right corner of the ECS details page, click Stop. In the displayed dialog box, click OK.
                        
 
                        
 
                        
 
                        
diff --git a/docs/cce/umn/cce_10_0045.html b/docs/cce/umn/cce_10_0045.html
index 9694dada4..f1d3a2009 100644
--- a/docs/cce/umn/cce_10_0045.html
+++ b/docs/cce/umn/cce_10_0045.html
@@ -7,11 +7,11 @@
 
                      3. Creating a ConfigMap
                        
 
                        4. 
 
                      4. Using a ConfigMap
                        
-After a ConfigMap is created, it can be used in three workload scenarios: environment variables, command line parameters, and data volumes.
                        5. 
+
 
                      5. Creating a Secret
                        
 
                        6. 
 
                      6. Using a Secret
                        
-After secrets are created, they can be mounted as data volumes or be exposed as environment variables to be used by a container in a pod.
                        7. 
+
 
                      7. Cluster Secrets
                        
 
                        8. 
 
diff --git a/docs/cce/umn/cce_10_0046.html b/docs/cce/umn/cce_10_0046.html
index ec6e799b8..8c2057448 100644
--- a/docs/cce/umn/cce_10_0046.html
+++ b/docs/cce/umn/cce_10_0046.html
@@ -5,11 +5,13 @@
 
                        
 
                          
 
                        • Overview
                          
-A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is an abstract model of a group of pods in Kubernetes. Workloads in Kubernetes are classified as Deployments, StatefulSets, DaemonSets, jobs, and cron jobs.
                          • 
+
 
                        • Creating a Workload
                          
 
                          • 
 
                        • Configuring a Workload
                          
 
                          • 
+
                        • Scheduling a Workload
                          
+
                          • 
 
                        • Logging In to a Container
                          
 
                          • 
 
                        • Managing Workloads
                          
diff --git a/docs/cce/umn/cce_10_0047.html b/docs/cce/umn/cce_10_0047.html
index ceea984a1..9c5be53fb 100644
--- a/docs/cce/umn/cce_10_0047.html
+++ b/docs/cce/umn/cce_10_0047.html
@@ -81,10 +81,10 @@
 
                          (Optional) Service Settings
                          
 
                          A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.
                          
 
                          You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                          
-
                          (Optional) Advanced Settings
                          • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                          • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                            • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                              • Multi-AZ deployment is preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ but onto different nodes for high availability. If there are fewer nodes than pods, the extra pods will fail to run.
                              • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                              • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                              
-
                            • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                              • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                              • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                              • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                              
+
                              (Optional) Advanced Settings
                              • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                              • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                                • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                  • Not configured: No load affinity policy is configured.
                                  • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                                  • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                                  • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                  
+
                                • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                  • Not configured: No node affinity policy is configured.
                                  • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                  • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                  • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                  
 
                                
-
                              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                              • Network Configuration
+
                              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                              • Network Configuration
                                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                
 
                              
 
                              
 
                            • Click Create Workload in the lower right corner.
                      
@@ -232,7 +232,7 @@ spec:
 
                      If the following information is displayed, the Deployment is running.
                      
 
                      NAME           READY     UP-TO-DATE   AVAILABLE   AGE 
 nginx          1/1       1            1           4m5s
                      
-
                      Parameter description
                      
+
                      Parameters
                      
 
                      • NAME: Name of the application running in the pod.
                      • READY: indicates the number of available workloads. The value is displayed as "the number of available pods/the number of expected pods".
                      • UP-TO-DATE: indicates the number of replicas that have been updated.
                      • AVAILABLE: indicates the number of available pods.
                      • AGE: period the Deployment keeps running
                      
 
                    • If the Deployment will be accessed through a ClusterIP or NodePort Service, configure the access mode. For details, see Network.
                      • 
 
                      
diff --git a/docs/cce/umn/cce_10_0048.html b/docs/cce/umn/cce_10_0048.html
index b8bc2e922..cabd6c466 100644
--- a/docs/cce/umn/cce_10_0048.html
+++ b/docs/cce/umn/cce_10_0048.html
@@ -89,10 +89,10 @@
 
                      You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                      
 
                      (Optional) Advanced Settings
                      • Upgrade: Specify the upgrade mode and parameters of the workload. Rolling upgrade and Replace upgrade are available. For details, see Configuring Workload Upgrade Policies.
                      • Pod Management Policies
                        For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.
                        
 
                        • OrderedReady: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.
                        • Parallel: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.
                        
-
                      • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                        • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                          • Multi-AZ deployment is preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ but onto different nodes for high availability. If there are fewer nodes than pods, the extra pods will fail to run.
                          • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                          • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                          
-
                        • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                          • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                          • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                          
+
                        • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Load affinity and node affinity are provided.
                          • Load Affinity: Common load affinity policies are offered for quick load affinity deployment.
                            • Not configured: No load affinity policy is configured.
                            • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                            • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity (podAntiAffinity). If there are fewer AZs than pods, the extra pods will fail to run.
                            • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                            
+
                          • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                            • Not configured: No node affinity policy is configured.
                            • Node Affinity: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                            • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                            • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                            
 
                          
-
                        • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                        • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                        • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                        • Network Configuration
                          • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                          • Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see Configuring a Static IP Address for a Pod.
                          • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                          
+
                        • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                        • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                        • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                        • Network Configuration
                          • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                          • Whether to enable the static IP address: available only for clusters that support this function. After this function is enabled, you can set the interval for reclaiming expired pod IP addresses. For details, see Configuring a Static IP Address for a Pod.
                          • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                          • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                          • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                          
 
                        
 
                      
 
                    • Click Create Workload in the lower right corner.
                      • 
diff --git a/docs/cce/umn/cce_10_0054.html b/docs/cce/umn/cce_10_0054.html
index 34c770c59..4c636ad3d 100644
--- a/docs/cce/umn/cce_10_0054.html
+++ b/docs/cce/umn/cce_10_0054.html
@@ -247,91 +247,112 @@
 
                      Table 4 Release history for NGINX Ingress Controller 2.6.x
                      Add-on Version
                      
+
                      Supported Cluster Version
                      
+
                      New Feature
                      
+
                      Community Version
                      
+
                      2.6.5
                      
+
                      v1.25
                      
 
                      v1.27
                      
 
                      v1.28
                      
 
                      v1.29
                      
 
                      Metric collection can be disabled in the startup command.
                      
+
                      Metric collection can be disabled in the startup command.
                      
 
                      1.9.6
                      
+
                      1.9.6
                      
                       		
 
                      
                       
 
                      
 
                      
 
                      
-
                      Load Balancing
                      
-
                      Table 3 Service ELB
                      Operation
                      
+
                      Containers
                      
+
                      
-
-
-
-
-
-
+
                      Table 3 Containers
                      Operation
                      
 
                      Impact
                      
+
                      Impact
                      
 
                      Solution
                      
+
                      Solution
                      
                       		
 
                      
 
                      Deleting a load balancer that has been bound to a CCE cluster on the ELB console
                      
+
                      Configuring privileged containers for a workload and directly operating the host hardware, which are prone to misoperations on the system files of the node
                      
+
                      For example, if you set the startup command to /usr/sbin/init and run systemctl in containers, the system files located in the /lib directory of the node may be damaged.
                      
 
                      Accessing the target Service or ingress will fail.
                      
+
                      All mount points of the node will be unmounted. As a result, the node will be malfunctional, resulting in failed pods and affected storage add-on functions.
                      
 
                      Do not delete such a load balancer.
                      
+
                      Do not remove the mount points in the /lib directory of a node. Reset the node for recovery. For details, see Resetting a Node.
                      
                       		
 
                      Disabling a load balancer that has been bound to a CCE cluster on the ELB console
                      
+
                      
+
                      
+
                      
+
                      Load Balancing
                      
+
                      
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
@@ -339,26 +360,26 @@
 
                      Logs
                      
-
                      Table 4 Service ELB
                      Operation
                      
+
                      Impact
                      
+
                      Solution
                      
+
                      Deleting a load balancer that has been bound to a CCE cluster on the ELB console
                      
 
                      Accessing the target Service or ingress will fail.
                      
+
                      Accessing the target Service or ingress will fail.
                      
 
                      Do not disable such a load balancer. If a load balancer has been disabled, enable it.
                      
+
                      Do not delete such a load balancer.
                      
                       		
 
                      Changing the private IPv4 address of a load balancer on the ELB console
                      
+
                      Disabling a load balancer that has been bound to a CCE cluster on the ELB console
                      
 
                      • The network traffic forwarded using the private IPv4 addresses will be interrupted.
                      • The IP addresses in the status field of Service or ingress YAML files will be changed.
                      
+
                      Accessing the target Service or ingress will fail.
                      
 
                      Do not change private IPv4 addresses of load balancers. Change them back if they have been changed.
                      
+
                      Do not disable such a load balancer. If a load balancer has been disabled, enable it.
                      
                       		
 
                      Unbinding the IPv4 EIP from a load balancer on the ELB console
                      
+
                      Changing the private IPv4 address of a load balancer on the ELB console
                      
 
                      After the EIP is unbound from the load balancer, the load balancer will not be able to forward Internet traffic.
                      
+
                      • The network traffic forwarded using the private IPv4 addresses will be interrupted.
                      • The IP addresses in the status field of Service or ingress YAML files will be changed.
                      
 
                      Restore the EIP binding.
                      
+
                      Do not change private IPv4 addresses of load balancers. Change them back if they have been changed.
                      
                       		
 
                      Creating a custom listener on the ELB console for the load balancer managed by CCE
                      
+
                      Unbinding the IPv4 EIP from a load balancer on the ELB console
                      
 
                      If a load balancer is automatically created when a Service or an ingress is created, the custom listener of the load balancer cannot be deleted when the Service or ingress is deleted. In this case, the load balancer cannot be automatically deleted.
                      
+
                      After the EIP is unbound from the load balancer, the load balancer will not be able to forward Internet traffic.
                      
 
                      Use the listener automatically created when a Service or an ingress is created. If a custom listener is used, manually delete the target load balancer.
                      
+
                      Restore the EIP binding.
                      
                       		
 
                      Deleting a listener automatically created by CCE on the ELB console
                      
+
                      Creating a custom listener on the ELB console for the load balancer managed by CCE
                      
 
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                      
+
                      If a load balancer is automatically created when a Service or an ingress is created, the custom listener of the load balancer cannot be deleted when the Service or ingress is deleted. In this case, the load balancer cannot be automatically deleted.
                      
 
                      Re-create or update the Service or ingress.
                      
+
                      Use the listener automatically created when a Service or an ingress is created. If a custom listener is used, manually delete the target load balancer.
                      
                       		
 
                      Modifying the basic configurations such as the name, access control, timeout, or description of a listener created by CCE on the ELB console
                      
+
                      Deleting a listener automatically created by CCE on the ELB console
                      
 
                      After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the listener is deleted.
                      
+
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                      
 
                      Do not modify the basic configurations of the listener created by CCE. Restore the configurations if they have been modified.
                      
+
                      Re-create or update the Service or ingress.
                      
                       		
 
                      Modifying the backend server group of a listener created by CCE on the ELB console, including adding or deleting backend servers to or from the server group
                      
+
                      Modifying the basic configurations such as the name, access control, timeout, or description of a listener created by CCE on the ELB console
                      
 
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                        • Deleted backend servers will be restored.
                        • Added backend servers will be removed.
                        
+
                      After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the listener is deleted.
                      
+
                      Do not modify the basic configurations of the listener created by CCE. Restore the configurations if they have been modified.
                      
+
                      Modifying the backend server group of a listener created by CCE on the ELB console, including adding or deleting backend servers to or from the server group
                      
+
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                        • Deleted backend servers will be restored.
                        • Added backend servers will be removed.
                        
 
                      
 
                      Re-create or update the Service or ingress.
                      
+
                      Re-create or update the Service or ingress.
                      
                       		
 
                      Replacing the backend server group of a listener created by CCE on the ELB console
                      
+
                      Replacing the backend server group of a listener created by CCE on the ELB console
                      
 
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                      
+
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                      
 
                      Re-create or update the Service or ingress.
                      
+
                      Re-create or update the Service or ingress.
                      
                       		
 
                      Modifying the forwarding policy of a listener created by CCE on the ELB console, including adding or deleting forwarding rules
                      
+
                      Modifying the forwarding policy of a listener created by CCE on the ELB console, including adding or deleting forwarding rules
                      
 
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the forwarding rules are added using an ingress.
                      
+
                      • Accessing the target Service or ingress will fail.
                      • After master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the forwarding rules are added using an ingress.
                      
 
                      Do not modify the forwarding policy of such a listener. Restore the configurations if they have been modified.
                      
+
                      Do not modify the forwarding policy of such a listener. Restore the configurations if they have been modified.
                      
                       		
 
                      Changing the ELB certificate on the ELB console for a load balancer managed by CCE
                      
+
                      Changing the ELB certificate on the ELB console for a load balancer managed by CCE
                      
 
                      After master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                      
+
                      After master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                      
 
                      Use the YAML file of the ingress to automatically manage certificates.
                      
+
                      Use the YAML file of the ingress to automatically manage certificates.
                      
                       		
 
                      
                       
 
 
                      Table 4 High-risk operations and solutions
                      Operation
                      
+
                      
-
-
-
-
-
-
-
-
@@ -366,41 +387,41 @@
 
                      EVS Disks
                      
-
                      Table 5 Logs
                      Operation
                      
 
                      Impact
                      
+
                      Impact
                      
 
                      Solution
                      
+
                      Solution
                      
                       		
 
                      
 
                      Deleting the /tmp/ccs-log-collector/pos directory on the host machine
                      
+
                      Deleting the /tmp/ccs-log-collector/pos directory on the host machine
                      
 
                      Logs are collected repeatedly.
                      
+
                      Logs are collected repeatedly.
                      
 
                      None
                      
+
                      None
                      
                       		
 
                      Deleting the /tmp/ccs-log-collector/buffer directory on the host machine
                      
+
                      Deleting the /tmp/ccs-log-collector/buffer directory on the host machine
                      
 
                      Logs are lost.
                      
+
                      Logs are lost.
                      
 
                      None
                      
+
                      None
                      
                       		
 
                      
                       
 
 
                      Table 5 High-risk operations and solutions
                      Operation
                      
+
                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -408,19 +429,19 @@
 
                      Add-ons
                      
-
                      Table 6 EVS disks
                      Operation
                      
 
                      Impact
                      
+
                      Impact
                      
 
                      Solution
                      
+
                      Solution
                      
 
                      Remarks
                      
+
                      Remarks
                      
                       		
 
                      
 
                      Manually unmounting an EVS disk on the console
                      
+
                      Manually unmounting an EVS disk on the console
                      
 
                      An I/O error occurs when data is written into a pod.
                      
+
                      An I/O error occurs when data is written into a pod.
                      
 
                      Delete the mount path from the node and schedule the pod again.
                      
+
                      Delete the mount path from the node and schedule the pod again.
                      
 
                      The file in the pod records the location where files are to be collected.
                      
+
                      The file in the pod records the location where files are to be collected.
                      
                       		
 
                      Unmounting the disk mount path on the node
                      
+
                      Unmounting the disk mount path on the node
                      
 
                      Pod data is written into a local disk.
                      
+
                      Pod data is written into a local disk.
                      
 
                      Remount the corresponding path to the pod.
                      
+
                      Remount the corresponding path to the pod.
                      
 
                      The buffer contains log cache files to be consumed.
                      
+
                      The buffer contains log cache files to be consumed.
                      
                       		
 
                      Operating EVS disks on the node
                      
+
                      Operating EVS disks on the node
                      
 
                      Pod data is written into a local disk.
                      
+
                      Pod data is written into a local disk.
                      
 
                      None
                      
+
                      None
                      
 
                      None
                      
+
                      None
                      
                       		
 
                      
                       
 
 
                      Table 6 Add-ons
                      Operation
                      
+
                      
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0059.html b/docs/cce/umn/cce_10_0059.html
index 8c519eb53..46bcf4114 100644
--- a/docs/cce/umn/cce_10_0059.html
+++ b/docs/cce/umn/cce_10_0059.html
@@ -4,7 +4,7 @@
 
                      Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities supported by network policies depend on the capabilities of the network add-ons of the cluster.
                      
 
                      By default, if a namespace does not have any policy, pods in the namespace accept traffic from any source and send traffic to any destination.
                      
 
                      Network policies are classified into the following types:
                      
-
                      • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources or egress destinations.
                      • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources or egress destinations.
                      • ipBlock: selects particular IP blocks to allow as ingress sources or egress destinations. (Only egress rules support IP blocks.)
                      
+
                      • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources.
                      • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources.
                      • IPBlock: selects particular IP blocks to allow as ingress sources. (Only egress support IP blocks.)
                      
 
                      Notes and Constraints
                      • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                        • Ingress: All versions support this type.
                        • Egress: Only the following OSs and cluster versions support egress rules.
 
                      Table 7 Add-ons
                      Operation
                      
 
                      Impact
                      
+
                      Impact
                      
 
                      Solution
                      
+
                      Solution
                      
                       		
 
                      
 
                      Modifying add-on resources on the backend
                      
+
                      Modifying add-on resources on the backend
                      
 
                      The add-on becomes malfunctional or other unexpected issues occur.
                      
+
                      The add-on becomes malfunctional or other unexpected issues occur.
                      
 
                      Perform operations on the add-on configuration page or using open add-on management APIs.
                      
+
                      Perform operations on the add-on configuration page or using open add-on management APIs.
                      
                       		
 
                      
 
                      
@@ -21,25 +21,31 @@
 
-
                      OS
                      
 
                      4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                      
 
                      4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                      
 
                      4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                      
+
                      4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                      
                       		
 
                      HCE OS 2.0
                      
+
                      HCE OS 2.0
                      
                       		
 
                      v1.25 or later
                      
                       		
 
                      5.10.0-60.18.0.50.r865_35.hce2.x86_64
                      
+
                      5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                      
                       		
 
                      
 
 
                      
 
                      
 
-
                    • Network isolation is not supported for IPv6 addresses.
                    • If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                      • 
+
                    • Network isolation is not supported for IPv6 addresses.
                    • If you upgrade a CCE cluster to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                      • 
 
-
                      Using Ingress Rules
                      • Using podSelector to specify the access scope
                        apiVersion: networking.k8s.io/v1
+
                        Using Ingress Rules Through YAML
                        • Scenario 1: Use a network policy to limit access to a pod to only pods with specific labels.
                          Figure 1 podSelector
                          
+
                          The pod labeled with role=db only permits access to its port 6379 from pods labeled with role=frontend. To do so, perform the following operations:
                          
+
                          1. Create the access-demo1.yaml file.
                            vim access-demo1.yaml
                            
+
                            File content:
                            
+
                            apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: test-network-policy
+  name: access-demo1
   namespace: default
 spec:
   podSelector:                  # The rule takes effect for pods with the role=db label.
@@ -47,42 +53,54 @@ spec:
       role: db
   ingress:                      # This is an ingress rule.
   - from:
-    - podSelector:              # Only traffic from the pods with the "role=frontend" label is allowed.
+    - podSelector:              # Only allow the access of the pods labeled with role=frontend.
         matchLabels:
           role: frontend
     ports:                      # Only TCP can be used to access port 6379.
     - protocol: TCP
       port: 6379
                            
-
                            The following figure shows how podSelector works.
                            
-
                            Figure 1 podSelector
                            
+
                          2. Run the following command to create the network policy based on the access-demo1.yaml file:
                            kubectl apply -f access-demo1.yaml
                            
+
                            Expected output:
                            
+
                            networkpolicy.networking.k8s.io/access-demo1 created
                            
+
                          
 
                        
-
                        • Using namespaceSelector to specify the access scope
                          apiVersion: networking.k8s.io/v1
+
                          • Scenario 2: Use a network policy to limit access to a pod to only pods in a specific namespace.
                            Figure 2 namespaceSelector
                            
+
                            The pod labeled with role=db only permits access to its port 6379 from pods in the namespace labeled with project=myproject. To do so, perform the following operations:
                            
+
                            1. Create the access-demo2.yaml file.
                              vim access-demo2.yaml
                              
+
                              File content:
                              
+
                              apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: test-network-policy
+  name: access-demo2
 spec:
   podSelector:                  # The rule takes effect for pods with the role=db label.
     matchLabels:
       role: db
   ingress:                      # This is an ingress rule.
   - from:
-    - namespaceSelector:        # Only traffic from the pods in the namespace with the "project=myproject" label is allowed.
+    - namespaceSelector:        # Only allow the access of the pods in the namespace labeled with project=myproject.
         matchLabels:
           project: myproject
     ports:                      # Only TCP can be used to access port 6379.
     - protocol: TCP
       port: 6379
                              
-
                              The following figure shows how namespaceSelector works.
                              
-
                              Figure 2 namespaceSelector
                              
+
                            2. Run the following command to create the network policy based on the access-demo2.yaml file:
                              kubectl apply -f access-demo2.yaml
                              
+
                              Expected output:
                              
+
                              networkpolicy.networking.k8s.io/access-demo2 created
                              
+
                            
 
                          
 
                        
-
                        Using Egress Rules
                        Egress supports not only podSelector and namespaceSelector, but also ipBlock.
                        
-
                         
                        Only clusters of version 1.23 or later support Egress rules. Only nodes running EulerOS 2.9 or HCE OS 2.0 are supported.
                        
+
                        Using Egress Rules Through YAML
                        Egress supports podSelector, namespaceSelector, and IPBlock.
                        
+
                         
                        Only clusters of v1.23 or later support egress rules. Only nodes running EulerOS 2.9 or HCE OS 2.0 are supported.
                        
 
                        
+
                        • Scenario 1: Use a network policy to limit a pod's access to specific addresses.
                          Figure 3 IPBlock
                          
+
                          The pod labeled with role=db only permits access to the 172.16.0.16/16 CIDR block, excluding 172.16.0.40/32 within it. To do so, perform the following operations:
                          
+
                          1. Create the access-demo3.yaml file.
                            vim access-demo2.yaml
                            
+
                            File content:
                            
 
                            apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: deny-client-a-via-except-cidr-egress-rule
+  name: access-demo3
   namespace: default
 spec:
   policyTypes:                  # Must be specified for an egress rule.
@@ -93,16 +111,21 @@ spec:
   egress:                       # Egress rule
   - to:
     - ipBlock:
-        cidr: 172.16.0.16/16    # Allow access to this CIDR block.
+        cidr: 172.16.0.16/16    # Allow access to this CIDR block in the outbound direction.
         except:
-        - 172.16.0.40/32        # This CIDR block cannot be accessed. This value must fall within the range specified by cidr.
                            
-
                            The following figure shows how ipBlock works.
                            
-
                            Figure 3 ipBlock
                            
-
                            You can define ingress and egress in the same rule.
                            
+        - 172.16.0.40/32        # Block access to this address in the CIDR block.
                        
+
                      • Run the following command to create the network policy based on the access-demo3.yaml file:
                        kubectl apply -f access-demo3.yaml
                        
+
                        Expected output:
                        
+
                        networkpolicy.networking.k8s.io/access-demo3 created
                        
+
                        • 
+
                      • Scenario 2: Use a network policy to limit access to a pod to only pods with specific labels and this pod can only access specific pods.
                        Figure 4 Using both ingress and egress
                        
+
                        The pod labeled with role=db only permits access to its port 6379 from pods labeled with role=frontend, and this pod can only access the pods labeled with role=web. You can use the same rule to configure both ingress and egress in a network policy. To do so, perform the following operations:
                        
+
                        1. Create the access-demo4.yaml file.
                          vim access-demo2.yaml
                          
+
                          File content:
                          
 
                          apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: test-network-policy
+  name: access-demo4
   namespace: default
 spec:
   policyTypes:
@@ -113,7 +136,7 @@ spec:
       role: db
   ingress:                      # This is an ingress rule.
   - from:
-    - podSelector:              # Only traffic from the pods with the "role=frontend" label is allowed.
+    - podSelector:              # Only allow the access of the pods labeled with role=frontend.
         matchLabels:
           role: frontend
     ports:                      # Only TCP can be used to access port 6379.
@@ -124,11 +147,14 @@ spec:
     - podSelector:              # Only pods with the role=web label can be accessed.
         matchLabels:
           role: web
                          
-
                          The following figure shows how to use ingress and egress together.
                          
-
                          Figure 4 Using both ingress and egress
                          
+
                        2. Run the following command to create the network policy based on the access-demo4.yaml file:
                          kubectl apply -f access-demo4.yaml
                          
+
                          Expected output:
                          
+
                          networkpolicy.networking.k8s.io/access-demo4 created
                          
+
                        
+
                      
 
                      
-
                      Creating a Network Policy on the Console
                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                      2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.
                        • Policy Name: Specify a network policy name.
                        • Namespace: Select a namespace in which the network policy is applied.
                        • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                        • Inbound Rule: Click  to add an inbound rule. For details about parameter settings, see Table 1.
                          
-
                          
+
                          Creating a Network Policy on the Console
                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                          2. Choose Policies in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.
                            • Policy Name: Specify a network policy name.
                            • Namespace: Select a namespace in which the network policy is applied.
                            • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to use the label of an existing workload.
                            • Inbound Rule: Click  to add an inbound rule. For details about parameter settings, see Table 1.
                              
+
                              
 
                              
 
                              
@@ -155,32 +181,33 @@ spec:
 
                              Table 1 Adding an inbound rule
                              Parameter
                              
 
                              
 
                              
 
                              
-
                            • Outbound Rule: Click  to add an outbound rule. For details about parameter settings, see Table 1.
                              
+
                            • Outbound Rule: Click  to add an outbound rule. For details about parameter settings, see Table 1.
                              
+
                              
 
                              
-
                              Table 2 Adding an outbound rule
                              Parameter
                              
+
                              
-
-
-
-
-
-
-
-
-
@@ -193,7 +220,7 @@ spec:
 
                              
 
                              
-
                              Parent topic: Tunnel Network Settings
                              
+
                              Parent topic: Pod Network Settings
                              
 
                              
 
                              
 
diff --git a/docs/cce/umn/cce_10_0066.html b/docs/cce/umn/cce_10_0066.html
index aefb01fce..1f964de4a 100644
--- a/docs/cce/umn/cce_10_0066.html
+++ b/docs/cce/umn/cce_10_0066.html
@@ -4,239 +4,250 @@
 
                              Introduction
                              Everest is a cloud native container storage system, which enables clusters of Kubernetes v1.15.6 or later to access cloud storage services through the CSI.
                              
 
                              Everest is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.15 or later is created.
                              
 
                              
-
                              Notes and Constraints
                              • If your cluster is upgraded from v1.13 to v1.15, storage-driver will be replaced by Everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                              • In version 1.2.0 of the Everest add-on, key authentication is optimized when OBS is used. After the Everest add-on is upgraded from a version earlier than 1.2.0, restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                              • By default, this add-on is installed in clusters of v1.15 and later. For clusters of v1.13 and earlier, the storage-driver add-on is installed by default.
                              
+
                              Notes and Constraints
                              • In version 1.2.0 of the Everest add-on, key authentication is optimized when OBS is used. After the Everest add-on is upgraded from a version earlier than 1.2.0, restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                              
 
                              
 
                              Installing the Add-on
                              This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                              
-
                              1. Log in to the CCE console and click the cluster name to access the cluster console. Click Add-ons in the navigation pane, locate CCE Container Storage (Everest) on the right, and click Install.
                              2. On the Install Add-on page, configure the specifications.
                                
-
                              Table 2 Adding an outbound rule
                              Parameter
                              
 
                              Description
                              
+
                              Description
                              
                               		
 
                              
 
                              Protocol & Port
                              
+
                              Protocol & Port
                              
 
                              Select the protocol type and port. Currently, TCP and UDP are supported. If this parameter is not specified, the protocol type is not limited.
                              
+
                              Select the protocol type and port. Currently, TCP and UDP are supported. If this parameter is not specified, the protocol type is not limited.
                              
                               		
 
                              Destination CIDR Block
                              
+
                              Destination CIDR Block
                              
 
                              Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks by vertical bars (|), and separate multiple exception CIDR blocks by commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 or 172.17.2.0/24.
                              
+
                              Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks by vertical bars (|), and separate multiple exception CIDR blocks by commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 and 172.17.2.0/24.
                              
                               		
 
                              Destination Namespace
                              
+
                              Destination Namespace
                              
 
                              Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                              
+
                              Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                              
                               		
 
                              Destination Pod Label
                              
+
                              Destination Pod Label
                              
 
                              Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                              
+
                              Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                              
                               		
 
                              
                               
 
                              
-
-
-
-
-
-
-
-
-
-
-
                              Table 1 Add-on configuration
                              Parameter
                              
-
                              Description
                              
-
                              Pods
                              
-
                              Number of pods for the add-on.
                              
-
                              High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                              
-
                              Containers
                              
-
                              The Everest add-on contains the Everest-csi-controller and everest-csi-driver components. For details, see Components.
                              
-
                              The add-on component specifications can be customized based on your requirements. Retain the default requested CPU and memory values of the add-on components. The limit values can be adjusted based on the number of cluster nodes and PVCs. For details about the configuration suggestions, see Table 2.
                              
-
                              In non-typical scenarios, the formulas for estimating the limit values are as follows:
                              
-
                              • everest-csi-controller
                                • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                • Memory limit = (200 Mi + Number of nodes x 1 Mi + Number of PVCs x 0.2 Mi) x 1.2
                                
-
                              • everest-csi-driver
                                • CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes
                                • Memory limit: 300 Mi for 200 or fewer nodes, 600 Mi for 1000 nodes, and 900 Mi for 2000 nodes
                                
+
                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Container Storage (Everest) on the right, and click Install.
                                2. On the Install Add-on page, configure the specifications as needed.
                                  • If you selected Preset, you can choose between Small, Medium, or Large as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                    The small specification is best for clusters with up to 50 nodes and 500 PVCs. The medium specification works well for clusters with up to 200 nodes and 2000 PVCs. The large specification is perfect for clusters with up to 1000 nodes and 10,000 PVCs.
                                    
+
                                  • If you selected Custom, you can adjust the number of pods and resource quotas as needed. The requested CPU and memory can be adjusted based on the number of nodes and PVCs. For details, see Table 1.
                                    In non-typical scenarios, the formulas for estimating the limits are as follows:
                                    
+
                                    • everest-csi-controller
                                      • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                      • Memory limit = (200 MiB + Number of nodes x 1 MiB + Number of PVCs x 0.2 MiB) x 1.2
                                      
+
                                    • everest-csi-driver
                                      • CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes
                                      • Memory limit: 300 MiB for 200 or fewer nodes, 600 MiB for 1000 nodes, and 900 MiB for 2000 nodes
                                      
 
                                    
-
                              
-
                              
 
-
                              Table 2 Recommended configuration limits in typical scenarios
                              Configuration Scenario
                              
+
                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                              Table 1 Recommended configuration limits in typical scenarios
                              Configuration Scenario
                              
 
                              everest-csi-controller
                              
+
                              everest-csi-controller
                              
 
                              everest-csi-driver
                              
+
                              everest-csi-driver
                              
                               		
 
                              
 
                              Nodes
                              
+
                              Nodes
                              
 
                              PVs/PVCs
                              
+
                              PVs/PVCs
                              
 
                              Add-on Instances
                              
+
                              Add-on Pods
                              
 
                              vCPUs (Limit = Requested)
                              
+
                              CPU Cores (Limit = Request)
                              
 
                              Memory (Limit = Requested)
                              
+
                              Memory (Limit = Request)
                              
 
                              vCPUs (Limit = Requested)
                              
+
                              CPU Cores (Limit = Request)
                              
 
                              Memory (Limit = Requested)
                              
+
                              Memory (Limit = Request)
                              
                               		
 
                              50
                              
+
                              50
                              
 
                              1000
                              
+
                              1000
                              
 
                              2
                              
+
                              2
                              
 
                              250m
                              
+
                              250m
                              
 
                              600 MiB
                              
+
                              600 MiB
                              
 
                              300m
                              
+
                              300m
                              
 
                              300 MiB
                              
+
                              300 MiB
                              
                               		
 
                              200
                              
+
                              200
                              
 
                              1000
                              
+
                              1000
                              
 
                              2
                              
+
                              2
                              
 
                              250m
                              
+
                              250m
                              
 
                              1 GiB
                              
+
                              1 GiB
                              
 
                              300m
                              
+
                              300m
                              
 
                              300 MiB
                              
+
                              300 MiB
                              
                               		
 
                              1000
                              
+
                              1000
                              
 
                              1000
                              
+
                              1000
                              
 
                              2
                              
+
                              2
                              
 
                              350m
                              
+
                              350m
                              
 
                              2 GiB
                              
+
                              2 GiB
                              
 
                              500m
                              
+
                              500m
                              
 
                              600 MiB
                              
+
                              600 MiB
                              
                               		
 
                              1000
                              
+
                              1000
                              
 
                              5000
                              
+
                              5000
                              
 
                              2
                              
+
                              2
                              
 
                              450m
                              
+
                              450m
                              
 
                              3 GiB
                              
+
                              3 GiB
                              
 
                              500m
                              
+
                              500m
                              
 
                              600 MiB
                              
+
                              600 MiB
                              
                               		
 
                              2000
                              
+
                              2000
                              
 
                              5000
                              
+
                              5000
                              
 
                              2
                              
+
                              2
                              
 
                              550m
                              
+
                              550m
                              
 
                              4 GiB
                              
+
                              4 GiB
                              
 
                              800m
                              
+
                              800m
                              
 
                              900 MiB
                              
+
                              900 MiB
                              
                               		
 
                              2000
                              
+
                              2000
                              
 
                              10000
                              
+
                              10000
                              
 
                              2
                              
+
                              2
                              
 
                              650m
                              
+
                              650m
                              
 
                              5 GiB
                              
+
                              5 GiB
                              
 
                              800m
                              
+
                              800m
                              
 
                              900 MiB
                              
+
                              900 MiB
                              
                               		
 
                              
                               
 
                              
 
                              
+
 
                            • Configure the add-on parameters.
                              
-
                              Table 3 Everest parameters
                              Parameter
                              
+
                              
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
+
+
+
+
                              Table 2 Add-on parameters
                              Item
                              
 
                              Description
                              
+
                              Configuration Method
                              
+
                              Description
                              
                               		
 
                              
 
                              csi_attacher_worker_threads
                              
+
                              Reserved EVS Disks for Non-Container Workloads
                              
 
                              Number of worker nodes that can be concurrently processed by Everest for attaching EVS volumes. The default value is 60.
                              
+
                              Visualized GUI configuration
                              
+
                              Number of disks on the node reserved for custom use. This parameter is supported when the add-on version is 2.3.11 or later.
                              
+
                              Assume that a maximum of 20 EVS disks can be attached to a node, and the value of this parameter is set to 6. Then 14 (20-6) disks can be attached to this node when the system schedules the EVS disk attachment workloads. The reserved six disks include one system disk and one data disk that have been attached to the node. You can attach four EVS disks to this node as additional data disks or raw disks for a local storage pool.
                              
                               		
 
                              csi_attacher_detach_worker_threads
                              
+
                              Prohibit Global Secret from Mounting Object Storage
                              
 
                              Number of worker nodes that can be concurrently processed by Everest for detaching EVS volumes. The default value is 60.
                              
+
                              Visualized GUI configuration
                              
+
                              Whether the default AK/SK can be used when an object bucket or parallel file system is mounted.
                              
+
                              • is: If you do not specify a custom secret for mounting OBS storage, the global secret you uploaded will be used.
                              • No: If you do not specify a custom secret for mounting OBS storage, only the global secret you uploaded can be used. Otherwise, the mounting will fail.
                              
                               		
 
                              volume_attaching_flow_ctrl
                              
+
                              Concurrent EVS Disk Attaching Tasks
                              
 
                              Maximum number of EVS volumes that can be attached by the Everest add-on within 1 minute. The default value is 0, indicating that the performance of attaching EVS volumes is determined by the underlying storage resources.
                              
+
                              Visualized GUI configuration
                              
+
                              Number of workers that can be concurrently processed by Everest for attaching EVS volumes. The default value is 60.
                              
                               		
 
                              cluster_id
                              
+
                              Concurrent EVS Disk Detaching Tasks
                              
 
                              Cluster ID
                              
+
                              Visualized GUI configuration
                              
+
                              Number of workers that can be concurrently processed by Everest for detaching EVS volumes. The default value is 60.
                              
                               		
 
                              default_vpc_id
                              
+
                              Distributed Volume Mounting
                              
 
                              ID of the VPC to which the cluster belongs
                              
+
                              Visualized GUI configuration
                              
+
                              When enabled, the everest-csi-driver component on each node is responsible for attaching or detaching EVS disks.
                              
+
                              If disabled, the everest-csi-controller component takes on this responsibility.
                              
                               		
 
                              disable_auto_mount_secret
                              
+
                              flow_control
                              
 
                              Whether the default AK/SK can be used when an object bucket or parallel file system is mounted. The default value is false.
                              
+
                              Extended Parameter Settings
                              
+
                              The default configuration is used. After installing the CCE Container Storage (Everest) add-on, you can refer to ConfigMap everest-driver-th-config in the kube-system namespace for more details.
                              
                               		
 
                              enable_node_attacher
                              
+
                              over_subscription
                              
 
                              Whether to enable the attacher on the agent to process the VolumeAttachment.
                              
+
                              Extended parameter settings
                              
+
                              Overcommitment ratio of the local storage pool (local_storage). The default value for the local storage pool size is set to 80. If the pool size is 100 GiB, it can be overcommitted up to 180 GiB. (Total capacity after overcommitment = (1 + Overcommitment ratio) x Actual capacity)
                              
                               		
 
                              flow_control
                              
+
                              enable_local_autoexpander
                              
 
                              This field is left blank by default. You do not need to configure this parameter.
                              
+
                              Extended parameter settings
                              
+
                              Whether to enable automatic scale-out for the local storage pool of thin volumes. If this function is enabled, automatic scale-out is triggered based on the scale-out threshold and scale-out step of the local storage pool.
                              
                               		
 
                              number_of_reserved_disks
                              
+
                              expansion_threshold
                              
 
                              Number of disks on the node reserved for custom use. This parameter is supported when the add-on version is 2.3.11 or later.
                              
-
                              Assume that a maximum of 20 EVS disks can be attached to a node, and the value of this parameter is set to 6. Then 14 (20-6) disks can be attached to this node when the system schedules the EVS disk attachment workloads. The reserved six disks include one system disk and one data disk that has been attached to the node. You can attach four EVS disks to this node as additional data disks or raw disks for a local storage pool.
                              
+
                              Extended parameter settings
                              
+
                              Capacity expansion threshold of the local storage pool of the thin volume. When the usage of the local storage pool of the thin volume exceeds the threshold, the local storage pool is automatically expanded.
                              
                               		
 
                              over_subscription
                              
+
                              expansion_step
                              
 
                              Overcommitment ratio of the local storage pool (local_storage). The default value is 80. If the size of the local storage pool is 100 GB, it can be overcommitted to 180 GB.
                              
+
                              Extended parameter settings
                              
+
                              Capacity expansion step of a single EVS disk in the local storage pool of thin provisioning volumes (unit: Gi)
                              
                               		
 
                              project_id
                              
+
                              expansion_max_evs_size
                              
 
                              ID of the project to which a cluster belongs
                              
+
                              Extended parameter settings
                              
+
                              Maximum capacity of a single EVS disk in the local storage pool of thin provisioning volumes (unit: Gi)
                              
+
                              volume_attaching_flow_ctrl
                              
+
                              Extended parameter settings
                              
+
                              Maximum number of EVS volumes that can be attached by the Everest add-on within 1 minute. The default value is 0, indicating that the performance of attaching EVS volumes is determined by the underlying storage resources.
                              
                               		
 
                              
                               
 
                              
 
                              
-
                               
                              In Everest 1.2.26 or later, the performance of attaching a large number of EVS volumes has been optimized. The following parameters can be configured:
                              • csi_attacher_worker_threads
                              • csi_attacher_detach_worker_threads
                              • volume_attaching_flow_ctrl
                              
-
                              
-
                              The preceding parameters are associated with each other and are constrained by the underlying storage resources in the region where the cluster is located. To attach a large number of volumes (more than 500 EVS volumes per minute), contact administrator and configure the parameters under their guidance to prevent the Everest add-on from running abnormally due to improper parameter settings.
                              
+
                               
                              In the extended parameter settings, you can customize the advanced configurations that are not displayed on the GUI. If the settings in the extended parameters conflict with those on the GUI, the settings in the extended parameters will work.
                              
 
                              
-
                            • Configure scheduling policies for the add-on.
                               
                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                              
+
                            • Configure deployment policies for the add-on pods.
                               
                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                              
 
                              
 
-
                              Table 4 Configurations for add-on scheduling
                              Parameter
                              
+
                              
-
-
-
@@ -252,8 +263,8 @@
 
                            • Click Install.
                              • 
-
                              Components
                              
-
                              Table 3 Configurations for add-on scheduling
                              Parameter
                              
                               		
 
                              Description
                              
                               		
 
                              
 
                              Multi AZ
                              
+
                              Multi-AZ Deployment
                              
 
                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                              • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                              
+
                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                              • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                              
                               		
 
                              
 
                              Node Affinity
                              
 
                              • Not configured: Node affinity is disabled for the add-on.
                              • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                              • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                              • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                
+
                              • Not configured: Node affinity is disabled for the add-on.
                              • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                              • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                              • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                
 
                              
                               		
 
                              
 
 
                              Table 5 Add-on components
                              Component
                              
+
                              Components
                              
+
                              
@@ -283,7 +294,7 @@
 
                               
                              Prometheus metrics can be exposed only when the Everest add-on version is 2.4.4 or later.
                              
 
                              
 
-
                              Table 4 Add-on components
                              Component
                              
                               		
 
                              Description
                              
 
                              Table 6 Key metrics
                              Metric
                              
+
                              
@@ -301,7 +312,7 @@
 
-
-
@@ -324,7 +335,7 @@
 
-
@@ -335,7 +346,7 @@
 
-
@@ -345,7 +356,7 @@
 
                              action and function specify different CSI drivers and their functions, and are in the format of {Function}:{CSI driver}. For example, create:disk.csi.everest.io specifies that the function is to create a volume and the volume type is EVS disk.
                              
 
-
                              Table 5 Key metrics
                              Metric
                              
                               		
 
                              Type
                              
                               		
 
                              Invoking of different functions
                              
 
                              action: indicates different functions. For details, see Table 7.
                              
+
                              action: indicates different functions. For details, see Table 6.
                              
 
                              result: indicates that the invoking is successful or fails.
                              
                               		
 
                              everest_action_result_total{action="create_snapshot:disk.csi.everest.io",result="success"} 2
                              
@@ -313,7 +324,7 @@
                               		
 
                              Number of times that different functions are executed at different time
                              
 
                              function: indicates different functions. For details, see Table 7.
                              
+
                              function: indicates different functions. For details, see Table 6.
                              
                               		
 
                              everest_function_duration_seconds_bucket{function="create_snapshot:disk.csi.everest.io",le="10"} 2
                              
                               		
 
                              Total invoking time of different functions
                              
 
                              function: indicates different functions. For details, see Table 7.
                              
+
                              function: indicates different functions. For details, see Table 6.
                              
                               		
 
                              everest_function_duration_seconds_sum{function="create:disk.csi.everest.io"} 24.381399053
                              
                               		
 
                              Number of invoking times of different functions
                              
 
                              function: indicates different functions. For details, see Table 7.
                              
+
                              function: indicates different functions. For details, see Table 6.
                              
                               		
 
                              everest_function_duration_seconds_count{function="attach:disk.csi.everest.io"} 4
                              
                               		
 
                              Table 7 Functions
                              Operation
                              
+
                              
@@ -391,7 +402,7 @@
 
                              Change History
                              
-
                              Table 6 Functions
                              Operation
                              
                               		
 
                              Description
                              
                               		
 
 
                              Table 8 Release history
                              Add-on Version
                              
+
                              
@@ -399,7 +410,19 @@
 
-
+
+
+
+
-
diff --git a/docs/cce/umn/cce_10_0068.html b/docs/cce/umn/cce_10_0068.html
index 7f0a987fe..ec21045b9 100644
--- a/docs/cce/umn/cce_10_0068.html
+++ b/docs/cce/umn/cce_10_0068.html
@@ -4,6 +4,8 @@
 
                              
 
                              Description of DefaultPool
                              DefaultPool is not a real node pool. It only classifies nodes that are not in the custom node pools. These nodes are directly created on the console or by calling APIs. DefaultPool does not support any user-created node pool functions, including scaling and parameter configuration. DefaultPool cannot be edited, deleted, expanded, or auto scaled, and nodes in it cannot be migrated.
                              
 
                              
-
                              Application Scenarios
                              When a large-scale cluster is required, you are advised to use node pools to manage nodes.
                              
+
                              Applicable Scenarios
                              When a large-scale cluster is required, you are advised to use node pools to manage nodes.
                              
 
                              The following table describes multiple scenarios of large-scale cluster management and the functions of node pools in each scenario.
                              
 
 
                              Table 7 Release history
                              Add-on Version
                              
                               		
 
                              Supported Cluster Version
                              
                               		
 
                              
 
                              2.4.28
                              
+
                              2.4.75
                              
+
                              v1.23
                              
+
                              v1.25
                              
+
                              v1.27
                              
+
                              v1.28
                              
+
                              v1.29
                              
+
                              v1.30
                              
+
                              On HCE OS 2.0 nodes, you can configure the EVS PVC's fstype to xfs.
                              
+
                              2.4.28
                              
                               		
 
                              v1.23
                              
 
                              v1.25
                              
@@ -537,7 +560,7 @@
 
                              v1.15
                              
 
                              v1.17
                              
 
                              • Supports security hardening.
                              • Supports third-party OBS storage.
                              • Switches to the EVS query API with better performance.
                              • Uses snapshots to create disks in clone mode by default.
                              • Optimizes and enhances disk status detection and log output for attaching and detaching operations.
                              • Improves the reliability of determining authentication expiration.
                              
+
                              • Supported security hardening.
                              • Supported third-party OBS storage.
                              • Switched to the EVS query API with better performance.
                              • Used snapshots to create disks in clone mode by default.
                              • Optimized and enhanced disk status detection and log output for attaching and detaching operations.
                              • Improved the reliability of determining authentication expiration.
                              
                               		
 
                              
                               
 
 
                              Table 1 Using node pools for different management scenarios
                              Scenario
                              
@@ -119,12 +119,12 @@
 
 
 
                              Deploying a Workload in a Specified Node Pool
                              When creating a workload, you can constrain pods to run in a specified node pool.
                              
-
                              For example, on the CCE console, you can set the affinity between the workload and the node on the Scheduling Policies tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Scheduling Policies (Affinity/Anti-affinity).
                              
+
                              For example, on the CCE console, you can set the affinity between the workload and the node on the Scheduling Policies tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Configuring Node Affinity Scheduling (nodeAffinity).
                              
 
                              For example, you can use container's resource request as a nodeSelector so that workloads will run only on the nodes that meet the resource request.
                              
 
                              If the workload definition file defines a container that requires four CPUs, the scheduler will not choose the nodes with two CPUs to run workloads.
                              
 
                              
 
                              Related Operations
                              You can log in to the CCE console and refer to the following sections to perform operations on node pools:
                              
-
+
 
                              
 
 
                              
diff --git a/docs/cce/umn/cce_10_0083.html b/docs/cce/umn/cce_10_0083.html
index f2e403b49..91e679ea9 100644
--- a/docs/cce/umn/cce_10_0083.html
+++ b/docs/cce/umn/cce_10_0083.html
@@ -3,8 +3,8 @@
 
                              Managing Workload Scaling Policies
                              
 
                              Scenario
                              After a workload scaling policy is created, you can update and delete the policy, as well as edit the YAML file.
                              
 
                              
-
                              Procedure
                              You can view the rules, status, and events of a workload scaling policy and handle exceptions based on the error information displayed.
                              
-
                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Policies. On the displayed page, click the HPA/CronHPA Policies tab page based on the scaling policy type.
                              3. Check the status, rules, and associated workloads of a scaling policy.
                                 
                                You can also check a created scaling policy on the workload details page.
                                
+
                                Procedure
                                You can view the rules, latest status, and events of a workload scaling policy and handle exceptions based on the error information displayed.
                                
+
                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                2. In the navigation pane, choose Policies. On the Scaling Policies tab page, click the HPA Policies/CronHPA Policies tab based on the scaling policy type.
                                3. Check the latest status, rules, and associated workloads of a scaling policy.
                                   
                                  You can also check a created scaling policy on the workload details page.
                                  
 
                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                  2. In the navigation pane, choose Workloads. Click the workload name to view its details.
                                  3. On the workload details page, switch to the Auto Scaling tab page to obtain the scaling policies. You can also obtain the scaling policies you configured on the Policies page.
                                  
 
                                  
 
                                4. Manage scaling policies.
                                  
diff --git a/docs/cce/umn/cce_10_0084.html b/docs/cce/umn/cce_10_0084.html
index 33e2f9511..3b12a01b6 100644
--- a/docs/cce/umn/cce_10_0084.html
+++ b/docs/cce/umn/cce_10_0084.html
@@ -1,7 +1,7 @@
 
 
 
                                  Enabling ICMP Security Group Rules
                                  
-
                                  Scenario
                                  If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.
                                  
+
                                  Scenario
                                  If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers. 
                                  
 
                                  
 
                                  Procedure
                                  1. Log in to the CCE console, choose Service List > Networking > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.
                                  2. In the security group list, locate the security group of the cluster. Click the Inbound Rules tab page and then Add Rule. In the Add Inbound Rule dialog box, configure inbound parameters.
                                    
 
                                    Cluster Type
                                    
diff --git a/docs/cce/umn/cce_10_0094.html b/docs/cce/umn/cce_10_0094.html
index 7da7698d1..2a6e1e507 100644
--- a/docs/cce/umn/cce_10_0094.html
+++ b/docs/cce/umn/cce_10_0094.html
@@ -3,183 +3,188 @@
 
                                    Overview
                                    
 
                                    Why We Need Ingresses
                                    A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.
                                    
 
                                    An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in Figure 1, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.
                                    
-
                                    Figure 1 Ingress diagram
                                    
-
                                    The following describes the ingress-related definitions:
                                    
-
                                    • Ingress object: a set of access rules that forward requests to specified Services based on domain names or URLs. It can be added, deleted, modified, and queried by calling APIs.
                                    • Ingress Controller: an executor for request forwarding. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.
                                    
-
                                    Ingress Controllers provided by different vendors are implemented in different ways. Based on the types of load balancers, Ingress Controllers are classified into LoadBalancer Ingress Controller and Nginx Ingress Controller. Both of them are supported in CCE. LoadBalancer Ingress Controller forwards traffic through ELB. Nginx Ingress Controller uses the templates and images maintained by the Kubernetes community to forward traffic through the Nginx component. 
                                    
+
                                    Figure 1 Ingress diagram
                                    
+
                                    
+
                                    Ingress Overview
                                    Kubernetes uses ingress resources to define how incoming traffic should be handled, while the Ingress Controller is responsible for processing the actual traffic.
                                    
+
                                    • Ingress object: a set of access rules that forward requests to specified Services based on domain names or paths. It can be added, deleted, modified, and queried by calling APIs.
                                    • Ingress Controller: an executor for forwarding requests. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the target backend Services.
                                      The way of implementing Ingress Controllers varies depending on their vendors. CCE supports LoadBalancer Ingress Controllers and NGINX Ingress Controllers.
                                      • LoadBalancer Ingress Controllers are deployed on master nodes and they forward traffic based on the ELB. All policy configurations and forwarding behaviors are handled by the ELB.
                                      • NGINX Ingress Controllers are deployed in clusters using charts and images maintained by the Kubernetes community. They provide external access through NodePort and forward external traffic to other services in the cluster through Nginx. All traffic forwarding behaviors and forwarding objects are within the cluster.
                                      
+
                                      
+
                                    
 
                                    
 
                                    Ingress Feature Comparison
                                    
-
                                    Table 1 Comparison between ingress features
                                    Feature
                                    
+
                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                    Table 1 Comparison between ingress features
                                    Feature
                                    
 
                                    ELB Ingress Controller
                                    
+
                                    ELB Ingress Controller
                                    
 
                                    Nginx Ingress Controller
                                    
+
                                    Nginx Ingress Controller
                                    
                                     		
 
                                    
 
                                    O&M
                                    
+
                                    O&M
                                    
 
                                    O&M-free
                                    
+
                                    O&M-free
                                    
 
                                    Self-installation, upgrade, and maintenance
                                    
+
                                    Self-installation, upgrade, and maintenance
                                    
                                     		
 
                                    Performance
                                    
+
                                    Performance
                                    
 
                                    One ingress supports only one load balancer.
                                    
+
                                    One ingress supports only one load balancer.
                                    
 
                                    Multiple ingresses support one load balancer.
                                    
+
                                    Multiple ingresses support one load balancer.
                                    
                                     		
 
                                    Enterprise-grade load balancers are used to provide high performance and high availability. Service forwarding is not affected in upgrade and failure scenarios.
                                    
+
                                    Enterprise-grade load balancers are used to provide high performance and high availability. Service forwarding is not affected in upgrade and failure scenarios.
                                    
 
                                    Performance varies depending on the resource configuration of pods.
                                    
+
                                    Performance varies depending on the resource configuration of pods.
                                    
                                     		
 
                                    Dynamic loading is supported.
                                    
+
                                    Dynamic loading is supported.
                                    
 
                                    • Processes must be reloaded for non-backend endpoint changes, which causes loss to persistent connections.
                                    • Lua supports hot updates of endpoint changes.
                                    • Processes must be reloaded for a Lua modification.
                                    
+
                                    • Processes must be reloaded for non-backend endpoint changes. This causes loss to persistent connections.
                                    • Lua supports hot updates of endpoint changes.
                                    • Processes must be reloaded for a Lua modification.
                                    
                                     		
 
                                    Component deployment
                                    
+
                                    Component deployment
                                    
 
                                    Deployed on the master node
                                    
+
                                    Deployed on the master node
                                    
 
                                    Deployed on worker nodes, and operations costs required for the Nginx component
                                    
+
                                    Deployed on worker nodes, and operations costs required for the Nginx component
                                    
                                     		
 
                                    Route redirection
                                    
+
                                    Route redirection
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    SSL configuration
                                    
+
                                    SSL configuration
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    Using ingress as a proxy for backend services
                                    
+
                                    Using ingress as a proxy for backend services
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported, which can be implemented through backend-protocol: HTTPS annotations.
                                    
+
                                    Supported, which can be implemented through backend-protocol: HTTPS annotations.
                                    
                                     		
 
                                    
                                     
 
                                    
 
                                    
-
                                    The LoadBalancer ingress is essentially different from the open source Nginx Ingress. Therefore, their supported Service types are different. For details, see Services Supported by Ingresses. 
                                    
-
                                    LoadBalancer Ingress Controller is deployed on a master node. All policies and forwarding behaviors are configured on the ELB side. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario (CCE Turbo cluster + dedicated load balancer), ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.
                                    
-
                                    Nginx Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx-ingress. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.
                                    
-
                                    In conclusion, LoadBalancer ingresses use enterprise-grade load balancers to forward traffic and delivers high performance and stability. Nginx Ingress Controller is deployed on cluster nodes, which consumes cluster resources but has better configurability.
                                    
+
                                    The LoadBalancer ingress is essentially different from the open source Nginx Ingress. Therefore, their supported Service types are different. For details, see Services Supported by LoadBalancer Ingresses. 
                                    
+
                                    LoadBalancer Ingress Controllers are deployed on master nodes. All policy configurations and forwarding behaviors are configured on the ELB. Load balancers outside the cluster can connect to nodes in the cluster only through the IP address of the VPC in non-passthrough networking scenarios. Therefore, LoadBalancer ingresses support only NodePort Services. However, in the passthrough networking scenario (CCE Turbo cluster + dedicated load balancer), ELB can directly forward traffic to pods in the cluster. In this case, the ingress can only interconnect with ClusterIP Services.
                                    
+
                                    NGINX Ingress Controller runs in a cluster and is exposed as a Service through NodePort. Traffic is forwarded to other Services in the cluster through Nginx-ingress. The traffic forwarding behavior and forwarding object are in the cluster. Therefore, both ClusterIP and NodePort Services are supported.
                                    
+
                                    In conclusion, LoadBalancer ingresses use enterprise-grade load balancers to forward traffic and delivers high performance and stability. NGINX Ingress Controller is deployed on cluster nodes, which consumes cluster resources but has better configurability.
                                    
 
-
                                    Working Rules of LoadBalancer Ingress Controller
                                    LoadBalancer Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and distributes access traffic to the corresponding Services using different URLs.
                                    
-
                                    LoadBalancer Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). Figure 2 shows the working rules of LoadBalancer Ingress Controller.
                                    
-
                                    1. A user creates an ingress object and configures a traffic access rule in the ingress, including the load balancer, URL, SSL, and backend service port.
                                    2. When Ingress Controller detects that the ingress object changes, it reconfigures the listener and backend server route on the ELB side according to the traffic access rule.
                                    3. When a user accesses a workload, the traffic is forwarded to the corresponding backend service port based on the forwarding policy configured on ELB, and then forwarded to each associated workload through the Service.
                                    
-
                                    Figure 2 Working rules of shared LoadBalancer ingresses in CCE standard and Turbo clusters
                                    
-
                                    When you use a dedicated load balancer in a CCE Turbo cluster, pod IP addresses are allocated from the VPC and the load balancer can directly access the pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.
                                    
-
                                    Figure 3 Working rules of passthrough networking for dedicated LoadBalancer ingresses in CCE Turbo clusters
                                    
+
                                    Working Rules of LoadBalancer Ingress Controller
                                    LoadBalancer Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and distributes access traffic to the target Services using different paths.
                                    
+
                                    LoadBalancer Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). The working rules of LoadBalancer Ingress Controller are as follows:
                                    
+
                                    1. A user creates an ingress and configures a traffic access rule in the ingress, including the load balancer, access path, SSL, and backend Service port.
                                    2. When Ingress Controller detects that the ingress changes, it reconfigures the listener and backend server route on the ELB according to the traffic access rule.
                                    3. When a user attempts to access a workload, the ELB forwards the traffic to the target workload according to the configured forwarding rule.
                                    
 
                                    
-
                                    Working Rules of Nginx Ingress Controller
                                    Nginx Ingress uses ELB as the traffic ingress. The nginx-ingress add-on is deployed in a cluster to balance traffic and control access.
                                    
-
                                     
                                    nginx-ingress uses the templates and images provided by the open-source community, and issues may occur during usage. CCE periodically synchronizes the community version to fix known vulnerabilities. Check whether your service requirements can be met.
                                    
-
                                    You can visit the open source community for more information.
                                    
+
                                    CCE Standard Clusters
                                    Figure 2 Working flow of a LoadBalancer ingress in a CCE standard cluster
                                    
+
                                    
+
                                    CCE Turbo Clusters Where a Shared Load Balancer Is Used
                                    Figure 3 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a shared load balancer is used
                                    
+
                                    
+
                                    CCE Turbo Clusters Where a Dedicated Load Balancer Is Used
                                    When a CCE Turbo cluster is used, pod IP addresses are directly allocated from the VPC. Dedicated load balancers enable passthrough networking to pods. When creating an ingress for external cluster access, you can use ELB to access a ClusterIP Service and use pods as the backend server of the ELB listener. In this way, external traffic can directly access the pods in the cluster without being forwarded by node ports.
                                    
+
                                    Figure 4 Working flow of a LoadBalancer ingress in a CCE Turbo cluster where a dedicated load balancer is used
                                    
+
                                    
+
                                    Working Rules of NGINX Ingress Controller
                                    Nginx Ingress uses ELB as the traffic ingress. The NGINX Ingress Controller add-on is deployed in a cluster to balance traffic and control access.
                                    
+
                                     
                                    NGINX Ingress Controller uses the charts and images provided by the open-source community, and issues may occur during usage. CCE periodically synchronizes the community version to fix known vulnerabilities. Check whether your service requirements can be met.
                                    
 
                                    
-
                                    Nginx Ingress Controller is deployed on worker nodes through pods, which will result in O&M costs and Nginx component running overheads. Figure 4 shows the working rules of Nginx Ingress Controller.
                                    
-
                                    1. After you update ingress resources, Nginx Ingress Controller writes a forwarding rule defined in the ingress resources into the nginx.conf configuration file of Nginx.
                                    2. The built-in Nginx component reloads the updated configuration file to modify and update the Nginx forwarding rule.
                                    3. When traffic accesses a cluster, the traffic is first forwarded by the created load balancer to the Nginx component in the cluster. Then, the Nginx component forwards the traffic to each workload based on the forwarding rule.
                                    
-
                                    Figure 4 Working rules of Nginx Ingress Controller
                                    
+
                                    NGINX Ingress Controller is deployed on worker nodes through pods, which will result in O&M costs and Nginx component running overheads. Figure 5 shows the working rules of NGINX Ingress Controller.
                                    
+
                                    1. After you update ingress resources, NGINX Ingress Controller writes a forwarding rule defined in the ingress resources into the nginx.conf configuration file of Nginx.
                                    2. The built-in Nginx component reloads the updated configuration file to modify and update the Nginx forwarding rule.
                                    3. When traffic accesses a cluster, the traffic is first forwarded by the created load balancer to the Nginx component in the cluster. Then, the Nginx component forwards the traffic to each workload based on the forwarding rule.
                                    
+
                                    Figure 5 Working rules of NGINX Ingress Controller
                                    
 
                                    
-
                                    Services Supported by Ingresses
                                    Table 2 lists the Services supported by LoadBalancer ingresses.
-
                                    Table 2 Services supported by LoadBalancer ingresses
                                    Cluster Type
                                    
+
                                    Services Supported by LoadBalancer Ingresses
                                    
+
                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                    Table 2 Services supported by LoadBalancer ingresses
                                    Cluster Type
                                    
 
                                    ELB Type
                                    
+
                                    ELB Type
                                    
 
                                    ClusterIP
                                    
+
                                    ClusterIP
                                    
 
                                    NodePort
                                    
+
                                    NodePort
                                    
                                     		
 
                                    
 
                                    CCE standard cluster
                                    
+
                                    CCE standard cluster
                                    
 
                                    Shared load balancer
                                    
+
                                    Shared load balancer
                                    
 
                                    Not supported
                                    
+
                                    Not supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    Dedicated load balancer
                                    
+
                                    Dedicated load balancer
                                    
 
                                    Not supported (Failed to access the dedicated load balancers because no ENI is bound to the associated pod of the ClusterIP Service.)
                                    
+
                                    Not supported (Failed to access the dedicated load balancers because no ENI is bound to the associated pod of the ClusterIP Service.)
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    CCE Turbo cluster
                                    
+
                                    CCE Turbo cluster
                                    
 
                                    Shared load balancer
                                    
+
                                    Shared load balancer
                                    
 
                                    Not supported
                                    
+
                                    Not supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    Dedicated load balancer
                                    
+
                                    Dedicated load balancer
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Not supported (Failed to access the dedicated load balancers because an ENI has been bound to the associated pod of the NodePort Service.)
                                    
+
                                    Not supported (Failed to access the dedicated load balancers because an ENI has been bound to the associated pod of the NodePort Service.)
                                    
                                     		
 
                                    
                                     
 
                                    
 
                                    
 
                                    
-
                                    Table 3 lists the Services supported by Nginx Ingress.
-
                                    Table 3 Services supported by Nginx Ingress
                                    Cluster Type
                                    
+
                                    Services Supported by Nginx Ingresses
                                    
+
                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -187,7 +192,6 @@
 
-
                                    
 
                                    
 
                                    Parent topic: Ingresses
                                    
diff --git a/docs/cce/umn/cce_10_0105.html b/docs/cce/umn/cce_10_0105.html
index 48a49b3a5..903565d12 100644
--- a/docs/cce/umn/cce_10_0105.html
+++ b/docs/cce/umn/cce_10_0105.html
@@ -5,7 +5,7 @@
 
                                    CCE provides the following lifecycle callback functions:
                                    
 
                                    • Startup Command: executed to start a container. For details, see Startup Commands.
                                    • Post-Start: executed immediately after a container is started. For details, see Post-Start Processing.
                                    • Pre-Stop: executed before a container is stopped. The pre-stop processing function helps you ensure that the services running on the pods can be completed in advance in the case of pod upgrade or deletion. For details, see Pre-Stop Processing.
                                    
 
                                    
-
                                    Startup Commands
                                    By default, the default command during image start. To run a specific command or rewrite the default image value, you must perform specific settings:
                                    
+
                                    Startup Commands
                                    By default, the default command is executed during image start. To run a specific command or rewrite the default image setting, you must perform specific operations.
                                    
 
                                    A Docker image has metadata that stores image information. If lifecycle commands and arguments are not set, CCE runs the default commands and arguments, that is, Docker instructions ENTRYPOINT and CMD, provided during image creation. 
                                    
 
                                    If the commands and arguments used to run a container are set during application creation, the default commands ENTRYPOINT and CMD are overwritten during image build. The rules are as follows:
                                    
 
@@ -132,13 +132,13 @@
 
 
                                    
-
                                    Table 3 Services supported by Nginx ingress
                                    Cluster Type
                                    
 
                                    ELB Type
                                    
+
                                    ELB Type
                                    
 
                                    ClusterIP
                                    
+
                                    ClusterIP
                                    
 
                                    NodePort
                                    
+
                                    NodePort
                                    
                                     		
 
                                    
 
                                    CCE standard cluster
                                    
+
                                    CCE standard cluster
                                    
 
                                    Shared load balancer
                                    
+
                                    Shared load balancer
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    Dedicated load balancer
                                    
+
                                    Dedicated load balancer
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    CCE Turbo cluster
                                    
+
                                    CCE Turbo cluster
                                    
 
                                    Shared load balancer
                                    
+
                                    Shared load balancer
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    Dedicated load balancer
                                    
+
                                    Dedicated load balancer
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
 
                                    Supported
                                    
+
                                    Supported
                                    
                                     		
 
                                    
                                     
 
 
 
                                    CLI
                                    
 
                                    Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.
                                    
+
                                    Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.
                                    
 
                                    Example command:
                                    
 
                                    exec: 
   command: 
   - /uninstall.sh 
   - uninstall_agent
                                    
-
                                    Enter /uninstall uninstall_agent in the script. This command indicates that the uninstall.sh script will be executed before the container completes its execution and stops running.
                                    
+
                                    Enter /uninstall uninstall_agent in the script. This command indicates that uninstall.sh will be executed before the container completes its execution and stops running.
                                    
                                     		
 
                                    
 
                                    HTTP request
                                    
diff --git a/docs/cce/umn/cce_10_0107.html b/docs/cce/umn/cce_10_0107.html
index ed5382a79..007753638 100644
--- a/docs/cce/umn/cce_10_0107.html
+++ b/docs/cce/umn/cce_10_0107.html
@@ -36,7 +36,7 @@ mv -f kubeconfig.
 
                                    
 
 
                                    Two-Way Authentication for Domain Names
                                    CCE supports two-way authentication for domain names.
                                    
-
                                    • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                                    • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                    • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                    • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                                    • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                                      Figure 1 Two-way authentication disabled for domain names
                                      
+
                                      • After an EIP is bound to an API Server, two-way domain name authentication is disabled by default if kubectl is used to access the cluster. You can run kubectl config use-context externalTLSVerify to enable the two-way domain name authentication.
                                      • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                      • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                      • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.yaml again.
                                      • If the two-way domain name authentication is not supported, kubeconfig.yaml contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, download the kubeconfig.yaml file again and enable two-way authentication for the domain names.
                                        Figure 1 Two-way authentication disabled for domain names
                                        
 
                                      
 
                                    
 
                                    FAQs
                                    • Error from server Forbidden
                                      When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                      
diff --git a/docs/cce/umn/cce_10_0111.html b/docs/cce/umn/cce_10_0111.html
index 4905d5568..9ead90e46 100644
--- a/docs/cce/umn/cce_10_0111.html
+++ b/docs/cce/umn/cce_10_0111.html
@@ -1,8 +1,7 @@
 
 
 
                                      Scalable File Service
                                      
-
                                      
-
                                      
+
                                      
 
                                      
 
                                        
 
                                      • Overview
                                        
diff --git a/docs/cce/umn/cce_10_0112.html b/docs/cce/umn/cce_10_0112.html
index 9d34d3b0b..e1354d404 100644
--- a/docs/cce/umn/cce_10_0112.html
+++ b/docs/cce/umn/cce_10_0112.html
@@ -94,7 +94,7 @@ spec:
       periodSeconds: 5
     startupProbe:                  # Startup probe
       httpGet:                     # Checking an HTTP request is used as an example.
-        path: /healthz             # The HTTP check path is /healthz.
+        path: /healthz             # The HTTP check path is /healthz.
         port: 80                   # The check port number is 80.
       failureThreshold: 30
       periodSeconds: 10
diff --git a/docs/cce/umn/cce_10_0113.html b/docs/cce/umn/cce_10_0113.html
index c12190b47..7948b0693 100644
--- a/docs/cce/umn/cce_10_0113.html
+++ b/docs/cce/umn/cce_10_0113.html
@@ -7,9 +7,10 @@
 
                                        Configurations must be imported to a container as arguments. Otherwise, configurations will be lost after the container restarts.
                                        
 
                                    
 
                                    Environment variables can be set in the following modes:
                                    
-
                                    • Custom: Enter the environment variable name and parameter value.
                                    • Added from ConfigMap key: Import all keys in a ConfigMap as environment variables.
                                    • Added from ConfigMap: Import a key in a ConfigMap as the value of an environment variable. As shown in Figure 1, if you import configmap_value of configmap_key in configmap-example as the value of environment variable key1, an environment variable named key1 whose value is configmap_value is available in the container.
                                    • Added from secret: Import all keys in a secret as environment variables.
                                    • Added from secret key: Import the value of a key in a secret as the value of an environment variable. As shown in Figure 1, if you import secret_value of secret_key in secret-example as the value of environment variable key2, an environment variable named key2 whose value is secret_value is available in the container.
                                    • Variable value/reference: Use the field defined by a pod as the value of the environment variable. As shown in Figure 1, if the pod name is imported as the value of environment variable key3, an environment variable named key3 whose value is the pod name is available in the container.
                                    • Resource Reference: The value of Request or Limit defined by the container is used as the value of the environment variable. As shown in Figure 1, if you import the CPU limit of container-1 as the value of environment variable key4, an environment variable named key4 whose value is the CPU limit of container-1 is available in the container.
                                    
+
                                    • Custom: Enter the environment variable name and parameter value.
                                    • Added from ConfigMap: Import all key values in a ConfigMap as environment variables.
                                    • Added from ConfigMap key: Import the value of a key in a ConfigMap as the value of an environment variable. As shown in Figure 1, if you import configmap_value of configmap_key in configmap-example as the value of environment variable key1, an environment variable named key1 whose value is configmap_value is available in the container.
                                    • Added from secret: Import all key values in a secret as environment variables.
                                    • Added from secret key: Import the value of a key in a secret as the value of an environment variable. As shown in Figure 1, if you import secret_value of secret_key in secret-example as the value of environment variable key2, an environment variable named key2 whose value is secret_value is available in the container.
                                    • Variable Value/Reference: Use the field defined by a pod as the value of the environment variable. As shown in Figure 1, if the pod name is imported as the value of environment variable key3, an environment variable named key3 whose value is the pod name is available in the container.
                                    • Resource Reference: The value of Request or Limit defined by the container is used as the value of the environment variable. As shown in Figure 1, if you import the CPU limit of container-1 as the value of environment variable key4, an environment variable named key4 whose value is the CPU limit of container-1 is available in the container.
                                    
 
-
                                    Adding Environment Variables
                                    1. Log in to the CCE console.
                                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                    3. When creating a workload, modify the container information in Container Settings and click the Environment Variables tab.
                                    4. Configure environment variables.
                                      Figure 1 Configuring environment variables
                                      
+
                                      Adding Environment Variables
                                      1. Log in to the CCE console.
                                      2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                      3. When creating a workload, modify the container information in Container Settings and click the Environment Variables tab.
                                      4. Configure environment variables.
                                        • To add environment variables one by one, click Adding a Variable and configure its parameters.
                                        • To add environment variables in batches, click Editing Custom Variables in Batches. Then, in the displayed dialog box, enter environment variables in the format of "Variable name=Variable or variable reference".
                                        
+
                                        Figure 1 Configuring environment variables
                                        
 
                                      
 
                                      
 
                                      YAML Example
                                      apiVersion: apps/v1
@@ -92,7 +93,7 @@ env-example-695b759569-lx9jp   1/1     Running   0          17m
 $ kubectl exec env-example-695b759569-lx9jp  -- printenv
 / # env
 key=value                             # Custom environment variable
-ey1=configmap_value                  # Added from ConfigMap key
+key1=configmap_value                  # Added from ConfigMap key
 key2=secret_value                     # Added from secret key
 key3=env-example-695b759569-lx9jp     # metadata.name defined by the pod
 key4=1                                # limits.cpu defined by container1. The value is rounded up, in unit of cores.
diff --git a/docs/cce/umn/cce_10_0125.html b/docs/cce/umn/cce_10_0125.html
index b2842e639..a10995148 100644
--- a/docs/cce/umn/cce_10_0125.html
+++ b/docs/cce/umn/cce_10_0125.html
@@ -1,8 +1,7 @@
 
 
 
                                      SFS Turbo
                                      
-
                                      
-
                                      
+
                                      
 
                                      
 
 
diff --git a/docs/cce/umn/cce_10_0127.html b/docs/cce/umn/cce_10_0127.html
index 8196a3eca..72debccc1 100644
--- a/docs/cce/umn/cce_10_0127.html
+++ b/docs/cce/umn/cce_10_0127.html
@@ -10,7 +10,7 @@
 
                                      
 
                                      Installing the Add-on
                                      This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                      
 
                                      If storage-driver is not installed in a cluster, perform the following steps to install it:
                                      
-
                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE Container Storage (FlexVolume) on the right, and click Install.
                                      2. Click Install to install the add-on. Note that the storage-driver has no configurable parameters and can be directly installed.
                                      
+
                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Container Storage (FlexVolume) on the right, and click Install.
                                      2. Click Install to install the add-on. Note that the storage-driver has no configurable parameters and can be directly installed.
                                      
 
                                      
 
                                      
 
                                      
diff --git a/docs/cce/umn/cce_10_0129.html b/docs/cce/umn/cce_10_0129.html
index ab290b791..5a13f5d08 100644
--- a/docs/cce/umn/cce_10_0129.html
+++ b/docs/cce/umn/cce_10_0129.html
@@ -13,109 +13,90 @@
 
                                      Notes and Constraints
                                      To run CoreDNS properly or upgrade CoreDNS in a cluster, ensure the number of available nodes in the cluster is greater than or equal to the number of CoreDNS instances and all CoreDNS instances are running. Otherwise, the add-on will malfunction or the upgrade will fail.
                                      
 
                                      
 
                                      Installing the Add-on
                                      This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                      
-
                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CoreDNS on the right, and click Install.
                                      2. On the Install Add-on page, configure the specifications.
                                        
-
                                        Table 1 Add-on configuration
                                        Parameter
                                        
+
                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Install.
                                        2. On the Install Add-on page, configure the specifications as needed.
                                          • If you selected Preset, you can choose between Small qps, Medium qps, or Large qps as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                            The small one can handle up to 2500 external and 10,000 internal domain names QPS. The medium specification can handle up to 5000 external and 20,000 internal domain names QPS. The large specification can handle up to 10,000 external and 40,000 internal domain names QPS.
                                            
+
                                          • You can adjust the number of pods and resource quotas as needed if you selected Custom. QPS of the CoreDNS add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the CoreDNS pod will bear heavier workloads. It is recommended that you adjust the number of the CoreDNS pods and their CPU and memory quotas based on the cluster scale. For details, see Table 1.
+
                                            
-
+
+
+
+
+
-
-
+
+
+
+
+
-
-
-
-
-
                                            Table 1 Recommended CoreDNS quotas
                                            Nodes
                                            
 
                                            Description
                                            
+
                                            Recommended QPS
                                            
+
                                            Pods
                                            
+
                                            Requested vCPUs
                                            
+
                                            vCPU Limit
                                            
+
                                            Requested Memory
                                            
+
                                            Memory Limit
                                            
                                             		
 
                                            
 
                                            Pods
                                            
+
                                            50
                                            
 
                                            Number of pods for the add-on.
                                            
-
                                            High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                            
+
                                            2500
                                            
+
                                            2
                                            
+
                                            500m
                                            
+
                                            500m
                                            
+
                                            512 MiB
                                            
+
                                            512 MiB
                                            
                                             		
 
                                            Containers
                                            
+
                                            200
                                            
 
                                            Queries per second (QPS) of the CoreDNS add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the CoreDNS pods will bear heavier workloads. Adjust the number of the CoreDNS pods and their CPU and memory quotas based on the cluster scale. For details, see Table 2.
                                            
-
                                            
-
                                            
-
-
                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                            Table 2 Recommended CoreDNS quotas
                                            Nodes
                                            
-
                                            Recommended QPS
                                            
-
                                            Pods
                                            
-
                                            Requested vCPUs
                                            
-
                                            vCPU Limit
                                            
-
                                            Requested Memory
                                            
-
                                            Memory Limit
                                            
-
                                            50
                                            
-
                                            2500
                                            
-
                                            2
                                            
-
                                            500m
                                            
-
                                            500m
                                            
-
                                            512 MiB
                                            
-
                                            512 MiB
                                            
-
                                            200
                                            
-
                                            5000
                                            
-
                                            2
                                            
-
                                            1000m
                                            
-
                                            1000m
                                            
-
                                            1024 MiB
                                            
-
                                            1024 MiB
                                            
-
                                            1000
                                            
-
                                            10000
                                            
-
                                            2
                                            
-
                                            2000m
                                            
-
                                            2000m
                                            
-
                                            2048 MiB
                                            
-
                                            2048 MiB
                                            
-
                                            2000
                                            
-
                                            20000
                                            
-
                                            4
                                            
-
                                            2000m
                                            
-
                                            2000m
                                            
-
                                            2048 MiB
                                            
-
                                            2048 MiB
                                            
+
                                            5000
                                            
+
                                            2
                                            
+
                                            1000m
                                            
+
                                            1000m
                                            
+
                                            1024 MiB
                                            
+
                                            1024 MiB
                                            
+
                                            1000
                                            
+
                                            10000
                                            
+
                                            2
                                            
+
                                            2000m
                                            
+
                                            2000m
                                            
+
                                            2048 MiB
                                            
+
                                            2048 MiB
                                            
+
                                            2000
                                            
+
                                            20000
                                            
+
                                            4
                                            
+
                                            2000m
                                            
+
                                            2000m
                                            
+
                                            2048 MiB
                                            
+
                                            2048Mi
                                            
                                             		
 
                                            
                                             
 
                                            
 
                                            
+
                                          
 
                                        3. Configure the add-on parameters.
                                          
-
                                          Table 3 CoreDNS add-on parameters
                                          Parameter
                                          
+
                                          
@@ -127,16 +108,16 @@
 
                                          For details, see Configuring the Stub Domain for CoreDNS.
                                          
-
-
                                          Table 2 Add-on parameters
                                          Parameter
                                          
                                           		
 
                                          Description
                                          
                                           		
 
 
                                          Advance Config
                                          
+
                                          Extended Parameter Settings
                                          
 
                                          • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                                            • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration recorded in the cluster is inconsistent with the actual configuration, the add-on cannot be upgraded.
                                            • force: indicates that the configuration consistency check is ignored during an upgrade. In this case, you must ensure that the current effective configuration is the same as the original configuration. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                            • inherit: indicates that custom settings are automatically inherited during an upgrade. After the add-on is upgraded, the value of parameterSyncStrategy is automatically restored to ensureConsistent to enable the configuration consistency check again.
                                            
+
                                          • parameterSyncStrategy: indicates whether to configure consistency check when the add-on is upgraded.
                                            • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration provided during the add-on upgrade does not match the current effective configuration, the add-on cannot be upgraded.
                                            • force: indicates that the configuration consistency check is ignored during an upgrade. The configuration provided during the add-on upgrade will be used, so it is important to make sure that it matches the current effective configuration. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                            • inherit: If the configuration provided during the add-on upgrade differs from the current effective configuration, the current effective configuration will be used instead. After the add-on is upgraded, you need to restore the value of parameterSyncStrategy to ensureConsistent to enable the configuration consistency check again.
                                            
 
                                          • servers: nameservers, which are available in CoreDNS v1.23.1 and later versions. You can customize nameservers. For details, see dns-custom-nameservers.
                                            plugins indicates the configuration of each component in CoreDNS. Retain the default settings typically to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                                            $name  $parameters {
 $configBlock
 }
                                            
 
                                            
-
                                            Table 4 describes common plugins. For details, see Plugins.
                                            
-
                                          • upstream_nameservers: specifies the IP address of the upstream DNS server.
                                          
-
                                          Example of advanced configurations:
                                          
+
                                          Table 3 describes common plugins. For details, see Plugins.
                                          
+
                                        4. upstream_nameservers: specifies the IP address of the upstream DNS server.
                                          5. 
+
                                          Example:
                                          
 
                                          {
      "annotations": {},
      "parameterSyncStrategy": "ensureConsistent",
@@ -200,74 +181,100 @@ $configBlock
 
                                          
 
                                          
 
-
                                          Table 4 Default plugin configuration of the active CoreDNS zone
                                          Plugin Name
                                          
+
                                          
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
                                          Table 3 Default CoreDNS configurations
                                          Plugin Name
                                          
 
                                          Description
                                          
+
                                          Type
                                          
+
                                          Description
                                          
                                           		
 
                                          
 
                                          bind
                                          
+
                                          bind
                                          
 
                                          Host IP address listened by CoreDNS. Retain the default value {$POD_IP}. For details, see bind.
                                          
+
                                          Default configuration
                                          
+
                                          Host IP address listened by CoreDNS. Retain the default value {$POD_IP}. For details, see bind.
                                          
                                           		
 
                                          cache
                                          
+
                                          cache
                                          
 
                                          Enables DNS cache. For details, see cache.
                                          
+
                                          Default configuration
                                          
+
                                          Enables DNS cache. For details, see cache.
                                          
                                           		
 
                                          errors
                                          
+
                                          errors
                                          
 
                                          Errors are logged to stdout. For details, see errors.
                                          
+
                                          Default configuration
                                          
+
                                          Errors are logged to stdout. For details, see errors.
                                          
                                           		
 
                                          health
                                          
+
                                          health
                                          
 
                                          Health check for CoreDNS. {$POD_IP}:8080 is listened to. Retain the default setting. Otherwise, the CoreDNS health check will fail and the add-on will restart repeatedly. For details, see health.
                                          
+
                                          Default configuration
                                          
+
                                          Health check for CoreDNS. {$POD_IP}:8080 is listened to. Retain the default setting. Otherwise, the CoreDNS health check will fail and the add-on will restart repeatedly. For details, see health.
                                          
                                           		
 
                                          ready
                                          
+
                                          ready
                                          
 
                                          Whether the backend server is ready to receive traffic. {$POD_IP}:8081 is listened to. If the backend server is not ready, CoreDNS will suspend DNS resolution until the backend server is ready. For details, see ready.
                                          
+
                                          Default configuration
                                          
+
                                          Whether the backend server is ready to receive traffic. {$POD_IP}:8081 is listened to. If the backend server is not ready, CoreDNS will suspend DNS resolution until the backend server is ready. For details, see ready.
                                          
                                           		
 
                                          kubernetes
                                          
+
                                          kubernetes
                                          
 
                                          CoreDNS Kubernetes plugin, which provides the service parsing capability in a cluster. For details, see kubernetes.
                                          
+
                                          Default configuration
                                          
+
                                          CoreDNS Kubernetes plugin, which provides the service parsing capability in a cluster. For details, see kubernetes.
                                          
                                           		
 
                                          loadbalance
                                          
+
                                          loadbalance
                                          
 
                                          Round-robin DNS load balancer that randomizes the order of A, AAAA, and MX records in an answer. For details, see loadbalance.
                                          
+
                                          Default configuration
                                          
+
                                          Round-robin DNS load balancer that randomizes the order of A, AAAA, and MX records in an answer. For details, see loadbalance.
                                          
                                           		
 
                                          prometheus
                                          
+
                                          prometheus
                                          
 
                                          API for obtaining CoreDNS metrics. {$POD_IP}:9153 is listened to in the default zone. Retain the default setting. Otherwise, Prometheus cannot collect CoreDNS metrics. For details, see Prometheus.
                                          
+
                                          Default configuration
                                          
+
                                          API for obtaining CoreDNS metrics. {$POD_IP}:9153 is listened to by default. Retain the default setting. Otherwise, Prometheus cannot collect CoreDNS metrics. For details, see Prometheus.
                                          
                                           		
 
                                          forward
                                          
+
                                          forward
                                          
 
                                          Forwards any queries that are not within the cluster domain of Kubernetes to predefined resolvers (/etc/resolv.conf). For details, see forward.
                                          
+
                                          Default configuration
                                          
+
                                          Forwards any queries that are not within the cluster domain of Kubernetes to predefined resolvers (/etc/resolv.conf). For details, see forward.
                                          
                                           		
 
                                          reload
                                          
+
                                          reload
                                          
 
                                          Automatically reloads modified Corefiles. After you modify a ConfigMap, wait for two minutes for the modification to take effect. For details, see reload.
                                          
+
                                          Default configuration
                                          
+
                                          Automatically reloads modified Corefiles. After you modify a ConfigMap, wait for two minutes for the modification to take effect. For details, see reload.
                                          
                                           		
 
                                          log
                                          
+
                                          log
                                          
 
                                          Enables CoreDNS logging. For details, see log.
                                          
+
                                          Extended configuration
                                          
+
                                          Enables CoreDNS logging. For details, see log.
                                          
 
                                          Example:
                                          
 
                                          {
    "name": "log"
 }
                                          
                                           		
 
                                          template
                                          
+
                                          template
                                          
 
                                          A quick response template, where AAAA indicates an IPv6 request. If NXDOMAIN is returned in an rcode response, no IPv6 resolution result is returned. For details, see template.
                                          
+
                                          Extended configuration
                                          
+
                                          A quick response template, where AAAA indicates an IPv6 request. If NXDOMAIN is returned in an rcode response, no IPv6 resolution result is returned. For details, see template.
                                          
 
                                          Example:
                                          
 
                                          {
    "configBlock": "rcode NXDOMAIN",
@@ -279,23 +286,23 @@ $configBlock
 
                                          
 
                                          
 
                                          
-
                                        5. Configure scheduling policies for the add-on.
                                           
                                          • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                          • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                          
+
                                        6. Configure deployment policies for the add-on pods.
                                           
                                          • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                          • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                          
 
                                          
 
-
                                          Table 5 Configurations for add-on scheduling
                                          Parameter
                                          
+
                                          
-
-
-
@@ -311,20 +318,28 @@ $configBlock
 
                                        7. Click Install.
                                          8. 
+
                                          Configuring CoreDNS Using Corefile
                                           
                                          The Corefile view configuration is not available during CoreDNS installation. This configuration is supported only when you are editing or upgrading the add-on.
                                          
+
                                          
+
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                          2. In the Parameters area, select whether to switch to the Corefile View (supported by add-on 1.30.3 and later versions).
                                            Once the function is enabled, the ConfigMap of CoreDNS in the kube-system namespace will be directly configured in the Corefile format. Any existing stub domain configurations and parameters such as parameterSyncStrategy, servers, and upstream_nameservers in the advanced configuration will no longer be in effect. It is important to verify that the Corefile configuration is accurate.
                                            
+
                                            For description of the Corefile format, see Configuration.
                                            
+
                                             
                                            • Once the Corefile view is disabled, the ConfigMap of CoreDNS will continue to be configured based on to the stub domain configurations and parameters such as parameterSyncStrategy, servers, and upstream_nameservers in the advanced configuration. It is important to verify that the configuration is correct during the function switchover.
                                            • Once the Corefile view is enabled, the add-on can be upgraded. However, if the Corefile view is disabled again, the add-on upgrade will override the current configurations. To complete the upgrade, parameterSyncStrategy must be set to either force or inherit.
                                            • Once the Corefile configuration is modified, simply wait for CoreDNS' reload mechanism to automatically update the configuration. This typically takes about 10 seconds for the changes to take effect.
                                            
+
                                            
+
                                          3. After editing the Corefile, click OK.
                                          
+
                                          Components
                                          
-
                                          Table 4 Configurations for add-on scheduling
                                          Parameter
                                          
                                           		
 
                                          Description
                                          
                                           		
 
                                          
 
                                          Multi AZ
                                          
+
                                          Multi-AZ Deployment
                                          
 
                                          • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                          • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                          • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                          
+
                                          • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                          • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                          • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                          
                                           		
 
                                          
 
                                          Node Affinity
                                          
 
                                          • Not configured: Node affinity is disabled for the add-on.
                                          • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                          • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                          • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                            
+
                                          • Not configured: Node affinity is disabled for the add-on.
                                          • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                          • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                          • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                            
 
                                          
                                           		
 
                                          
 
 
 
                                          Table 6 Add-on components
                                          Component
                                          
+
                                          
-
-
-
-
-
@@ -341,166 +356,181 @@ $configBlock
 
                                          1. The query is first sent to the DNS caching layer in CoreDNS.
                                          2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                            • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                            
 
                                            • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                            • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                            
 
                                          
-
                                          Figure 1 Routing
                                          
+
                                          Figure 1 Routing
                                          Change History
                                          
-
                                          Table 5 Add-on components
                                          Component
                                          
 
                                          Description
                                          
+
                                          Description
                                          
 
                                          Resource Type
                                          
+
                                          Resource Type
                                          
                                           		
 
                                          
 
                                          CoreDNS
                                          
+
                                          CoreDNS
                                          
 
                                          DNS server for clusters
                                          
+
                                          DNS server for clusters
                                          
 
                                          Deployment
                                          
+
                                          Deployment
                                          
                                           		
 
                                          
                                           
 
 
                                          Table 7 Release history
                                          Add-on Version
                                          
+
                                          
-
-
-
-
-
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0130.html b/docs/cce/umn/cce_10_0130.html
index 3f68b0327..bacc160fa 100644
--- a/docs/cce/umn/cce_10_0130.html
+++ b/docs/cce/umn/cce_10_0130.html
@@ -22,8 +22,6 @@
 
                                        8. Configuring Workload Upgrade Policies
                                          
 
                                          9. 
-
                                        9. Scheduling Policies (Affinity/Anti-affinity)
                                          
-
                                        10. Configuring Tolerance Policies
                                          
 
                                        11. Configuring Labels and Annotations
                                          
diff --git a/docs/cce/umn/cce_10_0132.html b/docs/cce/umn/cce_10_0132.html
index a1a56debb..2e45a511d 100644
--- a/docs/cce/umn/cce_10_0132.html
+++ b/docs/cce/umn/cce_10_0132.html
@@ -1,90 +1,34 @@
 
 
 
                                          CCE Node Problem Detector
                                          
-
                                          Introduction
                                          CCE node problem detector (NPD) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. The NPD add-on can run as a DaemonSet or a daemon.
                                          
+
                                          Introduction
                                          CCE Node Problem Detector (NPD) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. This add-on can run as a DaemonSet or a daemon.
                                          
 
                                          For more information, see node-problem-detector.
                                          
 
                                          
-
                                          Notes and Constraints
                                          • When using this add-on, do not format or partition node disks.
                                          • Each NPD process occupies 30m CPUs and 100 MiB memory.
                                          • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.
                                          
+
                                          Notes and Constraints
                                          • When using this add-on, do not format or partition node disks.
                                          • Each NPD process occupies 30 m CPU and 100 MiB of memory.
                                          • If the NPD version is 1.18.45 or later, the EulerOS version of the host machine must be 2.5 or later.
                                          
 
                                          
 
                                          Permissions
                                          To monitor kernel logs, the NPD add-on needs to read the host /dev/kmsg. Therefore, the privileged mode must be enabled. For details, see privileged.
                                          
 
                                          In addition, CCE mitigates risks according to the least privilege principle. Only the following privileges are available for NPD running:
                                          
 
                                          • cap_dac_read_search: permission to access /run/log/journal.
                                          • cap_sys_admin: permission to access /dev/kmsg.
                                          
 
                                          
-
                                          Installing the Add-on
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE Node Problem Detector on the right, and click Install.
                                          2. On the Install Add-on page, configure the specifications.
                                            
-
                                          12. Table 6 Release history
                                          Add-on Version
                                          
 
                                          Supported Cluster Version
                                          
+
                                          Supported Cluster Version
                                          
 
                                          New Feature
                                          
+
                                          New Feature
                                          
 
                                          Community Version
                                          
+
                                          Community Version
                                          
                                           		
 
                                          
 
                                          1.29.4
                                          
+
                                          1.30.6
                                          
 
                                          v1.21
                                          
+
                                          v1.21
                                          
+
                                          v1.23
                                          
+
                                          v1.25
                                          
+
                                          v1.27
                                          
+
                                          v1.28
                                          
+
                                          v1.29
                                          
+
                                          v1.30
                                          
+
                                          • Supported Corefile configurations.
                                          • CCE clusters 1.30 are supported.
                                          
+
                                          1.10.1
                                          
+
                                          1.29.4
                                          
+
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          v1.27
                                          
 
                                          v1.28
                                          
 
                                          v1.29
                                          
 
                                          CCE clusters 1.29 are supported.
                                          
+
                                          CCE clusters 1.29 are supported.
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.28.7
                                          
+
                                          1.28.7
                                          
 
                                          v1.21
                                          
+
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          v1.27
                                          
 
                                          v1.28
                                          
 
                                          Supported hot module replacement. Rolling upgrade is not required.
                                          
+
                                          Supported hot module replacement. Rolling upgrade is not required.
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.28.5
                                          
+
                                          1.28.5
                                          
 
                                          v1.21
                                          
+
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          v1.27
                                          
 
                                          v1.28
                                          
 
                                          Fixed some issues.
                                          
+
                                          Fixed some issues.
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.28.4
                                          
+
                                          1.28.4
                                          
 
                                          v1.21
                                          
+
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          v1.27
                                          
 
                                          v1.28
                                          
 
                                          CCE clusters 1.28 are supported.
                                          
+
                                          CCE clusters 1.28 are supported.
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.27.4
                                          
+
                                          1.27.4
                                          
 
                                          v1.19
                                          
+
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          v1.27
                                          
 
                                          None
                                          
+
                                          None
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.25.11
                                          
+
                                          1.25.11
                                          
 
                                          v1.19
                                          
+
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                          • Upgrades to its community version 1.10.1.
                                          
+
                                          • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                          • Upgrades to its community version 1.10.1.
                                          
 
                                          1.10.1
                                          
+
                                          1.10.1
                                          
                                           		
 
                                          1.25.1
                                          
+
                                          1.25.1
                                          
 
                                          v1.19
                                          
+
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          v1.25
                                          
 
                                          CCE clusters 1.25 are supported.
                                          
+
                                          CCE clusters 1.25 are supported.
                                          
 
                                          1.8.4
                                          
+
                                          1.8.4
                                          
                                           		
 
                                          1.23.3
                                          
+
                                          1.23.3
                                          
 
                                          v1.15
                                          
+
                                          v1.15
                                          
 
                                          v1.17
                                          
 
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          Regular upgrade of add-on dependencies
                                          
+
                                          Regular upgrade of add-on dependencies
                                          
 
                                          1.8.4
                                          
+
                                          1.8.4
                                          
                                           		
 
                                          1.23.1
                                          
+
                                          1.23.1
                                          
 
                                          v1.15
                                          
+
                                          v1.15
                                          
 
                                          v1.17
                                          
 
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          v1.23
                                          
 
                                          CCE clusters 1.23 are supported.
                                          
+
                                          CCE clusters 1.23 are supported.
                                          
 
                                          1.8.4
                                          
+
                                          1.8.4
                                          
                                           		
 
                                          1.17.15
                                          
+
                                          1.17.15
                                          
 
                                          v1.15
                                          
+
                                          v1.15
                                          
 
                                          v1.17
                                          
 
                                          v1.19
                                          
 
                                          v1.21
                                          
 
                                          CCE clusters 1.21 are supported.
                                          
+
                                          CCE clusters 1.21 are supported.
                                          
 
                                          1.8.4
                                          
+
                                          1.8.4
                                          
                                           		
 
                                          1.17.9
                                          
+
                                          1.17.9
                                          
 
                                          v1.15
                                          
+
                                          v1.15
                                          
 
                                          v1.17
                                          
 
                                          v1.19
                                          
 
                                          Regular upgrade of add-on dependencies
                                          
+
                                          Regular upgrade of add-on dependencies
                                          
 
                                          1.8.4
                                          
+
                                          1.8.4
                                          
                                           		
 
                                          1.17.4
                                          
+
                                          1.17.4
                                          
 
                                          v1.17
                                          
+
                                          v1.17
                                          
 
                                          v1.19
                                          
 
                                          CCE clusters 1.19 are supported.
                                          
+
                                          CCE clusters 1.19 are supported.
                                          
 
                                          1.6.5
                                          
+
                                          1.6.5
                                          
                                           		
 
                                          
                                           
 
 
 
                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                          Table 1 Add-on configuration
                                          Parameter
                                          
-
                                          Description
                                          
-
                                          Add-on Specifications
                                          
-
                                          The specifications can be Custom.
                                          
-
                                          Pods
                                          
-
                                          If you select Custom, you can adjust the number of pods as required.
                                          
-
                                          High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                          
-
                                          Containers
                                          
-
                                          If you select Custom, you can adjust the container specifications as required.
                                          
-
                                          
-
                                          
-
                                        12. Configure the add-on parameters.
                                          Only v1.16.0 and later versions support the configurations.
                                          
-
-
                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                          Table 2 NPD parameters
                                          Parameter
                                          
-
                                          Description
                                          
-
                                          common.image.pullPolicy
                                          
-
                                          An image pulling policy. The default value is IfNotPresent.
                                          
-
                                          feature_gates
                                          
-
                                          A feature gate
                                          
-
                                          npc.maxTaintedNode
                                          
-
                                          The maximum number of nodes that NPC can add taints to when an individual fault occurs on multiple nodes for minimizing impact.
                                          
-
                                          The value can be in int or percentage format.
                                          
-
                                          npc.nodeAffinity
                                          
-
                                          Node affinity of the controller
                                          
-
                                          
-
                                          
-
                                        13. Configure scheduling policies for the add-on.
                                           
                                          • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                          • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                          
+
                                          Installing the Add-on
                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Node Problem Detector on the right, and click Install.
                                          2. On the Install Add-on page, configure the specifications as needed.
                                            You can adjust the number of add-on instances and resource quotas as required. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                            
+
                                          3. Configure the add-on parameters.
                                            Maximum Number of Isolated Nodes in a Fault: specifies the maximum number of nodes that can be isolated to prevent avalanches in case of a fault occurring on multiple nodes. You can configure this parameter either by percentage or quantity.
                                            
+
                                          4. Configure deployment policies for the add-on pods.
                                             
                                            • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                            
 
                                            
 
-
                                            Table 3 Configurations for add-on scheduling
                                            Parameter
                                            
+
                                            
-
-
-
@@ -101,7 +45,7 @@
 
                                          5. Click Install.
                                            6. Components
                                            
-
                                            Table 1 Configurations for add-on scheduling
                                            Parameter
                                            
                                             		
 
                                            Description
                                            
                                             		
 
                                            
 
                                            Multi AZ
                                            
+
                                            Multi-AZ Deployment
                                            
 
                                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                            • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                            
+
                                            • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                            • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                            • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                            
                                             		
 
                                            
 
                                            Node Affinity
                                            
 
                                            • Not configured: Node affinity is disabled for the add-on.
                                            • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                              
+
                                            • Not configured: Node affinity is disabled for the add-on.
                                            • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                            • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                              
 
                                            
                                             		
 
                                            
 
 
                                            Table 4 Add-on components
                                            Component
                                            
+
                                            
@@ -132,7 +76,7 @@
 
                                            Check items cover events and statuses.
                                            • Event-related
                                              For event-related check items, when a problem occurs, NPD reports an event to the API server. The event type can be Normal (normal event) or Warning (abnormal event).
                                              
 
-
                                            Table 2 Add-on components
                                            Component
                                            
                                             		
 
                                            Description
                                            
                                             		
 
                                            Table 5 Event-related check items
                                            Check Item
                                            
+
                                            
@@ -156,7 +100,7 @@
 
                                            Typical scenario: Disk I/O suspension causes process suspension.
                                            
@@ -168,7 +112,7 @@
 
@@ -178,7 +122,7 @@
 
                                          6. Status-related
                                            For status-related check items, when a problem occurs, NPD reports an event to the API server and changes the node status synchronously. This function can be used together with Node-problem-controller fault isolation to isolate nodes.
                                            
 
                                            If the check period is not specified in the following check items, the default period is 30 seconds.
                                            
 
-
                                            7. Table 3 Event-related check items
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
                                             		
 
 
                                            Warning event
                                            
-
                                            Listening object: /dev/kmsg
                                            
+
                                            Listening object: /dev/kmsg
                                            
 
                                            Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                            
                                             		
 
                                            
 
 
                                            Warning event
                                            
-
                                            Listening object: /dev/kmsg
                                            
+
                                            Listening object: /dev/kmsg
                                            
 
                                            Matching rule: Remounting filesystem read-only
                                            
                                             		
 
                                            Table 6 Checking system components
                                            Check Item
                                            
+
                                            
@@ -245,7 +189,7 @@
 
                                            Table 4 Checking system components
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
 
                                            
 
                                            
 
-
                                            Table 7 Checking system metrics
                                            Check Item
                                            
+
                                            
@@ -300,7 +244,7 @@
 
                                            Table 5 Checking system metrics
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
 
                                            
 
                                            
 
-
                                            Table 8 Checking the storage
                                            Check Item
                                            
+
                                            
@@ -324,7 +268,7 @@
 
@@ -374,7 +319,7 @@
 
                                            Table 6 Checking the storage
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
                                             		
 
                                            Check whether the ephemeral volume group on the node is normal.
                                            
 
                                            Impact: Pods that depend on the storage pool cannot write data to the temporary volume. The temporary volume is remounted as a read-only file system by the kernel due to an I/O error.
                                            
-
                                            Typical scenario: When creating a node, a user configures two data disks as a temporary volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.
                                            
+
                                            Typical scenario: When creating a node, a user configures two data disks as an ephemeral volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.
                                            
                                             		
 
                                            • Detection period: 30s
                                            • Source:
                                              vgs -o vg_name, vg_attr
                                              
 
                                            • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                            • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                            • Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                            
@@ -359,8 +303,9 @@
 
                                            • Check object: all data disks
                                            • Source:
                                              /proc/diskstat
                                              
 
                                              Alternatively, you can run the following command:
                                              iostat -xmt 1
                                              
 
                                              
-
                                            • Threshold:
                                              • Average usage: ioutil >= 0.99
                                              • Average I/O queue length: avgqu-sz >= 1
                                              • Average I/O transfer volume: iops (w/s) + ioth (wMB/s) <= 1
                                              
-
                                               NOTE: 
                                              In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                              
+
                                            • Thresholds: (All following conditions must be met).
                                              • Average usage (ioutil) ≥ 0.99
                                              • Average I/O queue length (avgqu-sz) ≥ 1
                                              • Average I/O transfer volume ≤ 1
                                                Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)
                                                
+
                                              
+
                                               NOTE: 
                                              In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                              
 
                                              
 
                                            
 
                                            • Check object: all data disks
                                            • Source:
                                              /proc/diskstat
                                              
 
                                              Alternatively, you can run the following command:
                                              iostat -xmt 1
                                              
 
                                              
-
                                            • Default threshold:
                                              Average I/O latency: await >= 5000 ms
                                              
+
                                            • Default threshold:
                                              Average I/O latency (await) ≥ 5000 ms
                                              
 
                                            
 
                                             NOTE: 
                                            If I/O requests are not responded and the await data is not updated, this check item is invalid.
                                            
 
                                            
@@ -384,7 +329,7 @@
 
                                            
 
                                            
 
-
                                            Table 9 Other check items
                                            Check Item
                                            
+
                                            
@@ -443,7 +388,7 @@
 
                                            The kubelet component has the following default check items, which have bugs or defects. You can fix them by upgrading the cluster or using NPD.
                                            
 
-
                                            Table 7 Other check items
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
                                             		
 
                                            Table 10 Default kubelet check items
                                            Check Item
                                            
+
                                            
@@ -485,7 +430,7 @@
 
                                            The open source NPD plugin provides fault detection but not fault isolation. CCE enhances the node-problem-controller (NPC) based on the open source NPD. This component is implemented based on the Kubernetes node controller. For faults reported by NPD, NPC automatically adds taints to nodes for node fault isolation.
                                            
 
-
                                            Table 8 Default kubelet check items
                                            Check Item
                                            
                                             		
 
                                            Function
                                            
                                             		
 
                                            Table 11 Parameters
                                            Parameter
                                            
+
                                            
@@ -503,7 +448,7 @@
 
-
                                            Table 9 Parameters
                                            Parameter
                                            
                                             		
 
                                            Description
                                            
 
                                            
 
                                            npc.maxTaintedNode
                                            
 
                                            The maximum number of nodes that NPC can add taints to when a single fault occurs on multiple nodes for minimizing impact.
                                            
+
                                            The maximum number of nodes that NPC can add taints to when an individual fault occurs on multiple nodes for minimizing impact.
                                            
 
                                            The value can be in int or percentage format.
                                            
                                             		
 
                                            10%
                                            
@@ -544,7 +489,7 @@ problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0
 ..
 
 
                                            Change History
                                            
-
                                            Table 12 Release history
                                            Add-on Version
                                            
+
                                            
@@ -554,7 +499,22 @@ problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0
 
-
+
+
+
+
+
-
diff --git a/docs/cce/umn/cce_10_0140.html b/docs/cce/umn/cce_10_0140.html
index 6efa89ee9..71365f585 100644
--- a/docs/cce/umn/cce_10_0140.html
+++ b/docs/cce/umn/cce_10_0140.html
@@ -12,6 +12,8 @@
 
                                          7. Configuring a Cluster's API Server for Internet Access
                                            
 
                                            8. 
+
                                          8. Revoking a Cluster Access Credential
                                            
+
                                            9. 
diff --git a/docs/cce/umn/cce_10_0141.html b/docs/cce/umn/cce_10_0141.html
index eb4a18ca1..9b96d0b2e 100644
--- a/docs/cce/umn/cce_10_0141.html
+++ b/docs/cce/umn/cce_10_0141.html
@@ -5,11 +5,25 @@
 
                                            Notes and Constraints
                                            • The driver to be downloaded must be a .run file.
                                            • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                                            • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                                            • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                                            • CCE does not guarantee the compatibility between the GPU driver version and the CUDA library version of your application. You need to check the compatibility by yourself.
                                            • If a custom OS image has had a a GPU driver installed, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.
                                            
 
                                            
-
                                            Installing the Add-on
                                            1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE AI Suite (NVIDIA GPU) on the right, and click Install.
                                            2. Configure the add-on parameters.
                                              • NVIDIA Driver: Enter the link for downloading the NVIDIA driver. All GPU nodes in the cluster will use this driver.
                                                 
                                                • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                                • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                                                • Ensure that the NVIDIA driver version matches the GPU node. 
                                                • After the driver version is changed, restart the node for the change to take effect.
                                                
+
                                                Installing the Add-on
                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE AI Suite (NVIDIA GPU) on the right, and click Install.
                                                2. Configure the add-on parameters.
                                                  
+
                                            Table 10 Release history
                                            Add-on Version
                                            
                                             		
 
                                            Supported Cluster Version
                                            
                                             		
 
                                            
 
                                            1.19.1
                                            
+
                                            1.19.11
                                            
+
                                            v1.21
                                            
+
                                            v1.23
                                            
+
                                            v1.25
                                            
+
                                            v1.27
                                            
+
                                            v1.28
                                            
+
                                            v1.29
                                            
+
                                            v1.30
                                            
+
                                            Fixed some issues.
                                            
+
                                            0.8.10
                                            
+
                                            1.19.1
                                            
                                             		
 
                                            v1.21
                                            
 
                                            v1.23
                                            
@@ -628,7 +588,7 @@ problem_gauge{reason="CRIIsUp",type="CRIProblem"} 0
 
                                            v1.23
                                            
 
                                            v1.25
                                            
 
                                            Optimizes DiskHung check item.
                                            
+
                                            Optimized DiskHung check item.
                                            
                                             		
 
                                            0.8.10
                                            
                                             		
 
 
 
 
 
                                            
+
+
+
+
+
+
+
+
                                            Table 1 Add-on parameters
                                            Parameter
                                            
+
                                            Description
                                            
+
                                            Default Cluster Driver
                                            
+
                                            All GPU nodes in a cluster use the same driver. You can select a proper GPU driver version or customize the driver link and enter the download link of the NVIDIA driver.
                                             NOTICE: 
                                            • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                            • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                                            • Ensure that the NVIDIA driver version matches the GPU node. 
                                            • If the driver version is changed, restart the node to apply the change.
                                            
 
                                            
-
                                          9. Driver Selection: If you do not want all GPU nodes in a cluster to use the same driver, CCE allows you to install a different GPU driver for each node pool.
                                             
                                            • The add-on installs the driver with the version specified by the node pool. The driver takes effect only for new pool nodes.
                                            • After the driver version is updated, it takes effect on the nodes newly added to the node pool. Existing nodes must restart to apply the changes.
                                            
+
                                            
+
                                            10. 
+
                                            
+
                                             
                                            After the add-on is installed, you can configure GPU virtualization and node pool drivers on the Heterogeneous Resources tab in Settings.
                                            
 
                                            
-
 
                                          10. Click Install.
                                             
                                            If the add-on is uninstalled, GPU pods newly scheduled to the nodes cannot run properly, but GPU pods already running on the nodes will not be affected.
                                            
 
                                            
 
                                            11. 
@@ -23,11 +37,11 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
 
                                          11. Container:
                                            cd /usr/local/nvidia/bin && ./nvidia-smi
                                            
 
                                            12. 
 
                                            If GPU information is returned, the device is available and the add-on has been installed.
                                            
-
                                            
+
                                            
 
-
                                            Obtaining the Driver Link from Public Network
                                            1. Log in to the CCE console.
                                            2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                                            1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                                            2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.
                                              Figure 1 Setting parameters
                                              
-
                                            3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.
                                              Figure 2 Driver information
                                              
-
                                            4. Obtain the driver link in either of the following ways:
                                              • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                              • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                                Figure 3 Obtaining the link
                                                
+
                                                Obtaining the Driver Link from Public Network
                                                1. Log in to the CCE console.
                                                2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                                                1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                                                2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.
                                                  Figure 1 Setting parameters
                                                  
+
                                                3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.
                                                  Figure 2 Driver information
                                                  
+
                                                4. Obtain the driver link in either of the following ways:
                                                  • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                                  • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                                    Figure 3 Obtaining the link
                                                    
 
                                                  
 
                                                
 
                                                
@@ -36,7 +50,7 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
 
                                              • In the bucket list, click a bucket name, and then the Overview page of the bucket is displayed.
                                              • In the navigation pane, choose Objects.
                                              • Select the name of the target object and copy the driver link on the object details page.
                                            
 
                                            
 
                                            Components
                                            
-
                                            Table 1 Add-on components
                                            Component
                                            
+
                                            
@@ -46,17 +60,31 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
-
+
+
+
+
+
+
+
+
                                            Table 2 Add-on components
                                            Component
                                            
                                             		
 
                                            Description
                                            
                                             		
 
                                            
 
                                            nvidia-driver-installer
                                            
 
                                            Used for installing an NVIDIA driver on GPU nodes.
                                            
+
                                            A workload for installing the NVIDIA GPU driver on a node, which only uses resources during the installation process (Once the installation is finished, no resources are used.)
                                            
                                             		
 
                                            DaemonSet
                                            
                                             		
 
                                            nvidia-gpu-device-plugin
                                            
+
                                            A Kubernetes device plugin that provides NVIDIA GPU heterogeneous compute for containers
                                            
+
                                            DaemonSet
                                            
+
                                            nvidia-operator
                                            
+
                                            A component that provides NVIDIA GPU node management capabilities for clusters
                                            
+
                                            Deployment
                                            
+
                                            
                                             
 
                                            
 
                                            
 
 
                                            Change History
                                            
-
                                            Table 2 Release history
                                            Add-on Version
                                            
+
                                            
@@ -64,7 +92,16 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
-
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0150.html b/docs/cce/umn/cce_10_0150.html
index 85e4ad883..58b21dcd1 100644
--- a/docs/cce/umn/cce_10_0150.html
+++ b/docs/cce/umn/cce_10_0150.html
@@ -83,7 +83,7 @@
 
                                            (Optional) Advanced Settings
                                            • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                            
 
                                            • Job Settings
                                              • Parallel Pods: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.
                                              • Timeout (s): Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.
                                              • Completion Mode
                                                • Non-indexed: A job is considered complete when all the pods are successfully executed. Each pod completion is homologous to each other.
                                                • Indexed: Each pod gets an associated completion index from 0 to the number of pods minus 1. The job is considered complete when every pod allocated with an index is successfully executed. For an indexed job, pods are named in the format of $(job-name)-$(index).
                                                
 
                                              • Suspend Job: By default, a job is executed immediately after being created. The job's execution will be suspended if you enable this option, and resumed after you disable it.
                                              
-
                                            • Network Configuration
+
                                            • Network Configuration
                                              • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                              • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                              • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                              • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                              
 
                                            
 
                                          12. Click Create Workload in the lower right corner.
                                            13. 
@@ -188,7 +188,7 @@ myjob-29qlw   0/1     Completed   0          4m5s
 
-
-
diff --git a/docs/cce/umn/cce_10_0152.html b/docs/cce/umn/cce_10_0152.html
index 49a85b7b2..111efadf8 100644
--- a/docs/cce/umn/cce_10_0152.html
+++ b/docs/cce/umn/cce_10_0152.html
@@ -33,7 +33,7 @@
 
diff --git a/docs/cce/umn/cce_10_0154.html b/docs/cce/umn/cce_10_0154.html
index c60229fc9..91e6e201d 100644
--- a/docs/cce/umn/cce_10_0154.html
+++ b/docs/cce/umn/cce_10_0154.html
@@ -7,7 +7,7 @@
 
                                            Open source community: https://github.com/kubernetes/autoscaler
                                            How the Add-on Works
                                            Autoscaler controls auto scale-out and scale-in.
                                            
-
                                            • Auto scale-out
                                              You can choose either of the following methods:
                                              • If pods in a cluster cannot be scheduled due to insufficient worker nodes, cluster scaling is triggered to add nodes. The nodes to be added have the same specification as configured for the node pool to which the nodes belong.
                                                Auto scale-out will be performed when:
                                                • Node resources are insufficient.
                                                • No node affinity policy is set in the pod scheduling configuration. If a node has been configured as an affinity node for pods, no node will not be automatically added when pods cannot be scheduled. For details about how to configure the node affinity policy, see Scheduling Policies (Affinity/Anti-affinity).
                                                
+
                                                • Auto scale-out
                                                  You can choose either of the following methods:
                                                  • If a pod cannot be scheduled due to insufficient resources of worker nodes, CCE will add more nodes to the cluster. The new nodes have the same resource quotas as those configured for the node pools that the new nodes are in.
                                                    Auto scale-out will be performed when:
                                                    • Node resources are insufficient.
                                                    • No node affinity policy is set in the scheduling configurations of the pod. If the pod is configured affinity for a node, the system will not automatically add more nodes in the cluster. For details about how to configure node affinity policies, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                    
 
                                                    
 
                                                  • When the cluster meets the node scaling policy, cluster scale-out is also triggered. For details, see Creating a Node Scaling Policy.
                                                  
 
                                                   
                                                  The add-on follows the "No Less, No More" policy. For example, if three cores are required for creating a pod and the system supports four-core and eight-core nodes, Autoscaler will preferentially create a four-core node.
                                                  
@@ -19,148 +19,33 @@
 
                                                  
 
                                                
 
                                                
-
                                                Notes and Constraints
                                                • Ensure that there are sufficient resources for installing the add-on.
                                                • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                                • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, a pod that uses the local PV will be evicted from the node. A new pod will be created, but it remains in a pending state because the label of the PVC bound to it conflicts with the node label.
                                                • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                  • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                                  • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                  
+
                                                  Notes and Constraints
                                                  • Ensure that there are sufficient resources for installing the add-on.
                                                  • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                                  • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, a pod that uses the local PV will be evicted from the node. A new pod will be created, but it remains in a pending state because the label of the PVC bound to it conflicts with the node label.
                                                  • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                    • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                    • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                    
 
                                                  
 
                                                  
-
                                                  Installing the Add-on
                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate CCE Cluster Autoscaler on the right, and click Install.
                                                  2. On the Install Add-on page, configure the specifications.
                                                    
-
                                            Table 3 Release history
                                            Add-on Version
                                            
                                             		
 
                                            Supported Cluster Version
                                            
                                             		
 
 
                                            
 
                                            2.6.4
                                            
+
                                            2.7.13
                                            
+
                                            v1.28
                                            
+
                                            v1.29
                                            
+
                                            v1.30
                                            
+
                                            • Supported xGPU configuration by node pool.
                                            • Supported GPU rendering.
                                            • Clusters 1.30 are supported.
                                            
+
                                            2.6.4
                                            
                                             		
 
                                            v1.28
                                            
 
                                            v1.29
                                            
diff --git a/docs/cce/umn/cce_10_0142.html b/docs/cce/umn/cce_10_0142.html
index 29fc755aa..6e57c289b 100644
--- a/docs/cce/umn/cce_10_0142.html
+++ b/docs/cce/umn/cce_10_0142.html
@@ -2,12 +2,12 @@
 
 
                                            NodePort
                                            
 
                                            Scenario
                                            A Service is exposed on each node's IP address at a static port (NodePort). When you create a NodePort Service, Kubernetes automatically allocates an internal IP address (ClusterIP) of the cluster. When clients outside the cluster access <NodeIP>:<NodePort>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.
                                            
-
                                            Figure 1 NodePort access
                                            
+
                                            Figure 1 NodePort access
                                            
 
                                            
 
                                            Notes and Constraints
                                            • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                            • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                            • In a CCE Turbo cluster, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                            • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                                            • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.
                                            
 
                                            
 
                                            Creating a NodePort Service
                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                            2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                            3. Configure intra-cluster access parameters.
                                              • Service Name: Specify a Service name, which can be the same as the workload name.
                                              • Service Type: Select NodePort.
                                              • Namespace: namespace that the workload belongs to.
                                              • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                
-
                                              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                              • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                              • Ports
                                                • Protocol: protocol used by the Service.
                                                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                                                
+
                                              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                              • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address.  This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                              • Ports
                                                • Protocol: protocol used by the Service.
                                                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                                                
 
                                              
 
                                            4. Click OK.
                                            
 
                                            
@@ -58,10 +58,10 @@ spec:
 
                                            NAME                     READY     STATUS             RESTARTS   AGE
 nginx-2601814895-qhxqv   1/1       Running            0          9s
                                            
 
                                          13. Create a Service.
                                            kubectl create -f nginx-nodeport-svc.yaml
                                            
-
                                            If information similar to the following is displayed, the Service is being created.
                                            
+
                                            If information similar to the following is displayed, the Service is being created:
                                            
 
                                            service "nginx-nodeport" created
                                            
 
                                            kubectl get svc
                                            
-
                                            If information similar to the following is displayed, the Service has been created.
                                            
+
                                            If information similar to the following is displayed, the Service has been created:
                                            
 
                                            # kubectl get svc
 NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
 kubernetes       ClusterIP   10.247.0.1     <none>        443/TCP          4d8h
diff --git a/docs/cce/umn/cce_10_0146.html b/docs/cce/umn/cce_10_0146.html
index 30069f28c..e7fe969f6 100644
--- a/docs/cce/umn/cce_10_0146.html
+++ b/docs/cce/umn/cce_10_0146.html
@@ -33,7 +33,7 @@
 
                                            		14. 
 
                                            Describes configuration parameters required by templates.
                                            
 
                                             NOTICE: 
                                            Make sure that the image address set in the values.yaml file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.
                                            
-
                                            To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click  to copy the command in the Image Pull Command column.
                                            
+
                                            To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click  to copy the command in the Image Pull Command column.
                                            
 
                                            
                                             		
 
                                            
 
 
                                            Editing a YAML file
                                            
 
                                            Click More > Edit YAML next to the job name to edit the YAML file corresponding to the current job.
                                            
+
                                            Click More > Edit YAML next to the job name to edit the YAML file of the current job.
                                            
                                             		
 
                                            
 
                                            Deleting a job
                                            
diff --git a/docs/cce/umn/cce_10_0151.html b/docs/cce/umn/cce_10_0151.html
index e94596bd7..b5a026746 100644
--- a/docs/cce/umn/cce_10_0151.html
+++ b/docs/cce/umn/cce_10_0151.html
@@ -81,18 +81,18 @@
 
                                            Schedule
                                            
 
                                            • Concurrency Policy: The following three modes are supported:
                                              • Forbid: A new job cannot be created before the previous job is completed.
                                              • Allow: The cron job allows concurrently running jobs, which preempt cluster resources.
                                              • Replace: A new job replaces the previous job when it is time to create a job but the previous job is not completed.
                                              
 
                                            • Policy Settings: specifies when a new cron job is executed. Policy settings in YAML are implemented using cron expressions.
                                              • A cron job is executed at a fixed interval. The unit can be minute, hour, day, or month. For example, if a cron job is executed every 30 minutes and the corresponding cron expression is */30 * * * *, the execution time starts from 0 in the unit range, for example, 00:00:00, 00:30:00, 01:00:00, and ....
                                              • The cron job is executed at a fixed time (by month). For example, if a cron job is executed at 00:00 on the first day of each month, the cron expression is 0 0 1 */1 *, and the execution time is ****-01-01 00:00:00, ****-02-01 00:00:00, and ....
                                              • The cron job is executed by week. For example, if a cron job is executed at 00:00 every Monday, the cron expression is 0 0 * * 1, and the execution time is ****-**-01 00:00:00 on Monday, ****-**-08 00:00:00 on Monday, and ....
                                              • Custom Cron Expression: For details about how to use cron expressions, see CronJob.
                                              
-
                                               
                                              • If a cron job is executed at a fixed time (by month) and the number of days in a month does not exist, the cron job will not be executed in this month. For example, the execution will skip February if the date is set to 30.
                                              • Due to the definition of cron, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can be evenly divided.
                                                Take a cron job that is executed by hour as an example. As /2, /3, /4, /6, /8, and /12 can exactly divide 24 hours, an accurate period can be represented. If another period is used, the last period will be reset at the beginning of a new day. For example, if the cron expression is * */12 * * *, the execution time is 00:00:00 and 12:00:00 every day. If the cron expression is * */13 * * *, the execution time is 00:00:00 and 13:00:00 every day. At 00:00 on the next day, the execution time is updated even if the period does not reach 13 hours.
                                                
+
                                                 
                                                • If a cron job is executed at a fixed time (by month) and the number of days in a month does not exist, the cron job will not be executed in this month. For example, the execution will skip February if the date is set to 30.
                                                • Due to the definition of cron, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can be evenly divided.
                                                  Take a cron job that runs hourly as an example. If an interval that can divide 24 hours exactly, such as /2, /3, /4, /6, /8, and /12, the period can be accurately represented. However, if a different period is used, the last period will reset at the beginning of each new day. For example, if the cron expression is * */12 * * *, the task will run at 00:00:00 and 12:00:00 every day. Similarly, if the cron expression is * */13 * * *, the task will run at 00:00:00 and 13:00:00 every day. Note that the last period will reset at 00:00:00 on the following day, even if it has not reached 13 hours.
                                                  
 
                                                
 
                                                
-
                                              • Job Records: You can set the number of jobs that are successfully executed or fail to be executed. Setting a limit to 0 corresponds to keeping none of the jobs after they finish.
                                              
+
                                            • Time Zone: You can specify a time zone. If this parameter is not specified, the time zone of the master node will be used by default.
                                            • Job Records: You can set the number of jobs that are successfully executed or fail to be executed. Setting a limit to 0 corresponds to keeping none of the jobs after they finish.
                                            
 
                                            (Optional) Advanced Settings
                                            • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                            
-
                                            • Network Configuration
+
                                              • Network Configuration
                                                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                                • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                                • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                                
 
                                              
 
                                            
 
                                          14. Click Create Workload in the lower right corner.
                                            15. 
 
 
                                            Using kubectl
                                            A cron job has the following configuration parameters:
                                            
-
                                            • .spec.schedule: takes a Cron format string, for example, 0 * * * * or @hourly, as schedule time of jobs to be created and executed.
                                            • .spec.jobTemplate: specifies jobs to be run, and has the same schema as when you are Creating a Job Using kubectl.
                                            • .spec.startingDeadlineSeconds: specifies the deadline for starting a job.
                                            • .spec.concurrencyPolicy: specifies how to treat concurrent executions of a job created by the Cron job. The following options are supported:
                                              • Allow (default value): allows concurrently running jobs.
                                              • Forbid: forbids concurrent runs, skipping next run if previous has not finished yet.
                                              • Replace: cancels the currently running job and replaces it with a new one.
                                              
+
                                              • .spec.schedule: takes a Cron format string, for example, 0 * * * * or @hourly, as schedule time of jobs to be created and executed.
                                              • .spec.jobTemplate: specifies jobs to be run, and has the same schema as when you are Creating a Job Using kubectl.
                                              • .spec.startingDeadlineSeconds: specifies the deadline for starting a job.
                                              • .spec.concurrencyPolicy: specifies how to treat concurrent executions of a job created by the CronJob. The following options are supported:
                                                • Allow (default value): allows concurrently running jobs.
                                                • Forbid: forbids concurrent runs, skipping next run if previous has not finished yet.
                                                • Replace: cancels the currently running job and replaces it with a new one.
                                                
 
                                              
 
                                              The following is an example cron job, which is saved in the cronjob.yaml file.
                                              
 
                                               
                                              In clusters of v1.21 or later, CronJob apiVersion is batch/v1.
                                              
@@ -119,7 +119,7 @@ spec:
           imagePullSecrets:
             - name: default-secret
 
                                              Run the job.
                                              
-
                                              1. Create a cron job.
                                                kubectl create -f cronjob.yaml
                                                
+
                                                1. Create a CronJob.
                                                  kubectl create -f cronjob.yaml
                                                  
 
                                                  Information similar to the following is displayed:
                                                  
 
                                                  cronjob.batch/hello created
                                                  
 
                                                2. Query the running status of the cron job:
                                                  kubectl get cronjob
                                                  
@@ -161,7 +161,7 @@ Hello from the Kubernetes cluster
 
                                            
 
                                            Deleting a CronJob
                                            
 
                                            1. Select the CronJob to be deleted and click More > Delete in the Operation column.
                                            2. Click Yes.
                                              Deleted jobs cannot be restored. Therefore, exercise caution when deleting a job.
                                              
+
                                            1. Select the CronJob to be deleted and click More > Delete in the Operation column.
                                            2. Click Yes.
                                              Deleted jobs cannot be restored. Exercise caution when deleting a job.
                                              
 
                                            
                                             		
 
                                            Data
                                            
                                             		
 
                                            Data of a ConfigMap, in the key-value pair format.
                                            
-
                                            Click  to add data. The value can be in string, JSON, or YAML format.
                                            
+
                                            Click  to add data. The value can be in string, JSON, or YAML format.
                                            
                                             		
 
                                            
 
                                            Label
                                            
diff --git a/docs/cce/umn/cce_10_0153.html b/docs/cce/umn/cce_10_0153.html
index 60e817b10..ea2bbd5ba 100644
--- a/docs/cce/umn/cce_10_0153.html
+++ b/docs/cce/umn/cce_10_0153.html
@@ -36,7 +36,7 @@
 
                                            Secret Data
                                            
                                             		
 
                                            Workload secret data can be used in containers.
                                            
-
                                            • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                            • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                            • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                               NOTE: 
                                              • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                              • A certificate request is a request for a signature with a private key.
                                              
+
                                              • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                              • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password for logging in to the private image repository.
                                              • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                                 NOTE: 
                                                • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                                • A certificate request is a request for a signature with a private key.
                                                
 
                                                
 
                                              
 
                                            		
 
 
                                            
-
-
-
-
-
-
-
-
-
-
-
                                            Table 1 Specifications configuration
                                            Parameter
                                            
-
                                            Description
                                            
-
                                            Pods
                                            
-
                                            Number of pods for the add-on.
                                            
-
                                            High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                            
-
                                            Containers
                                            
-
                                            Adjust the number of the Autoscaler pods and their CPU and memory quotas based on the cluster scale. For details, see Table 2.
                                            
-
                                            
-
                                            
-
-
                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                            Table 2 Recommended Autoscaler quotas
                                            Nodes
                                            
-
                                            Pods
                                            
-
                                            Requested vCPUs
                                            
-
                                            vCPU Limit
                                            
-
                                            Requested Memory
                                            
-
                                            Memory Limit
                                            
-
                                            50
                                            
-
                                            2
                                            
-
                                            1000m
                                            
-
                                            1000m
                                            
-
                                            1000 MiB
                                            
-
                                            1000 MiB
                                            
-
                                            200
                                            
-
                                            2
                                            
-
                                            4000m
                                            
-
                                            4000m
                                            
-
                                            2000 MiB
                                            
-
                                            2000 MiB
                                            
-
                                            1000
                                            
-
                                            2
                                            
-
                                            8000m
                                            
-
                                            8000m
                                            
-
                                            8000 MiB
                                            
-
                                            8000 MiB
                                            
-
                                            2000
                                            
-
                                            2
                                            
-
                                            8000m
                                            
-
                                            8000m
                                            
-
                                            8000 MiB
                                            
-
                                            8000 MiB
                                            
-
                                            
-
                                            
-
                                          15. Configure the add-on parameters.
                                            
-
                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                            Table 3 Parameters
                                            Parameter
                                            
-
                                            Description
                                            
-
                                            Total Nodes
                                            
-
                                            Maximum number of nodes that can be managed by the cluster, within which cluster scale-out is performed.
                                            
-
                                            Total CPUs
                                            
-
                                            Maximum sum of CPU cores of all nodes in a cluster, within which cluster scale-out is performed.
                                            
-
                                            Total Memory (GiB)
                                            
-
                                            Maximum sum of memory of all nodes in a cluster, within which cluster scale-out is performed.
                                            
-
                                            
-
                                            
-
                                          16. Configure scheduling policies for the add-on.
                                             
                                            • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                            
+
                                            Installing the Add-on
                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Cluster Autoscaler on the right, and click Install.
                                            2. On the Install Add-on page, configure the specifications as needed.
                                              There are three types of preset specifications based on the cluster scale. You can select one as required. The system will configure the number of pods and resource quotas for the add-on based on the selected preset specifications. You can see the configurations on the console.
                                              
+
                                            3. Configure deployment policies for the add-on pods.
                                               
                                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                              
 
                                              
 
-
                                              Table 4 Configurations for add-on scheduling
                                              Parameter
                                              
+
                                              
-
-
-
-
-
-
-
@@ -171,7 +56,7 @@
 
                                            4. After the configuration is complete, click Install.
                                              5. Components
                                              
-
                                              Table 1 Configurations for add-on scheduling
                                              Parameter
                                              
 
                                              Description
                                              
+
                                              Description
                                              
                                               		
 
                                              
 
                                              Multi AZ
                                              
+
                                              Multi-AZ Deployment
                                              
 
                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                              • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                              
+
                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                              • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                              
                                               		
 
                                              Node Affinity
                                              
+
                                              Node Affinity
                                              
 
                                              • Not configured: Node affinity is disabled for the add-on.
                                              • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                
+
                                              • Not configured: Node affinity is disabled for the add-on.
                                              • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                
 
                                              
                                               		
 
                                              Toleration
                                              
+
                                              Toleration
                                              
 
                                              Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                              
+
                                              Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                              
 
                                              The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.
                                              
 
                                              For details, see Configuring Tolerance Policies.
                                              
                                               		
 
 
                                              Table 5 Add-on components
                                              Component
                                              
+
                                              
@@ -190,526 +75,559 @@
 
                                              Table 2 Add-on components
                                              Component
                                              
                                               		
 
                                              Description
                                              
 
                                              
 
                                              
 
-
                                              Scale-In Cool-Down Period
                                              Scale-in cooling intervals can be configured in the node pool settings and the Autoscaler add-on settings.
                                              
-
                                              Scale-in cooling interval configured in a node pool
                                              
-
                                              This interval indicates the period during which nodes added to the current node pool after a scale-out cannot be deleted. This setting takes effect in the entire node pool.
                                              
-
                                              Scale-in cooling interval configured in the Autoscaler add-on
                                              
-
                                              The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the Autoscaler add-on triggers a scale-out (due to the unschedulable pods, metrics, and scaling policies). This setting takes effect in the entire cluster.
                                              
-
                                              The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the auto scaling add-on triggers a scale-in. This setting takes effect in the entire cluster.
                                              
-
                                              The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the Autoscaler add-on triggers scale-in. This interval takes effect at the cluster level.
                                              
-
                                              
 
                                              Change History
                                              
-
                                              Table 6 Release history for add-on adapted to clusters 1.29
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
                                              Table 3 Release history for the add-on adapted to clusters 1.30
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.29.17
                                              
+
                                              1.30.18
                                              
 
                                              v1.29
                                              
+
                                              v1.30
                                              
 
                                              Optimized events.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.29.1
                                              
+
                                              1.30.1
                                              
                                               		
 
                                              1.29.13
                                              
+
                                              1.30.15
                                              
 
                                              v1.29
                                              
+
                                              v1.30
                                              
 
                                              Clusters 1.29 are supported.
                                              
+
                                              • Clusters 1.30 are supported.
                                              • Included the name of the target node pool to the reported event.
                                              
 
                                              1.29.1
                                              
+
                                              1.30.1
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 7 Release history for add-on adapted to clusters 1.28
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 4 Release history for the add-on adapted to clusters 1.29
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.28.55
                                              
+
                                              1.29.53
                                              
 
                                              v1.28
                                              
+
                                              v1.29
                                              
 
                                              Optimized events.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.28.1
                                              
+
                                              1.29.1
                                              
                                               		
 
                                              1.28.22
                                              
+
                                              1.29.17
                                              
 
                                              v1.28
                                              
+
                                              v1.29
                                              
 
                                              Fixed some issues.
                                              
+
                                              Optimized events.
                                              
 
                                              1.28.1
                                              
+
                                              1.29.1
                                              
                                               		
 
                                              1.28.20
                                              
+
                                              1.29.13
                                              
 
                                              v1.28
                                              
+
                                              v1.29
                                              
 
                                              Fixed some issues.
                                              
+
                                              Clusters 1.29 are supported.
                                              
 
                                              1.28.1
                                              
-
                                              1.28.17
                                              
-
                                              v1.28
                                              
-
                                              Fixed the issue that scale-in cannot be performed when there are custom pod controllers in a cluster.
                                              
-
                                              1.28.1
                                              
+
                                              1.29.1
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 8 Release history for add-on adapted to clusters 1.27
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 5 Release history for the add-on adapted to clusters 1.28
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.27.55
                                              
+
                                              1.28.55
                                              
 
                                              v1.27
                                              
+
                                              v1.28
                                              
 
                                              Fixed some issues.
                                              
+
                                              Optimized events.
                                              
 
                                              1.27.1
                                              
+
                                              1.28.1
                                              
                                               		
 
                                              1.27.53
                                              
+
                                              1.28.22
                                              
 
                                              v1.27
                                              
+
                                              v1.28
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.27.1
                                              
+
                                              1.28.1
                                              
                                               		
 
                                              1.27.51
                                              
+
                                              1.28.20
                                              
 
                                              v1.27
                                              
+
                                              v1.28
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.27.1
                                              
+
                                              1.28.1
                                              
                                               		
 
                                              1.27.14
                                              
+
                                              1.28.17
                                              
 
                                              v1.27
                                              
+
                                              v1.28
                                              
 
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
+
                                              Fixed the issue that scale-in cannot be performed when there are custom pod controllers in a cluster.
                                              
 
                                              1.27.1
                                              
+
                                              1.28.1
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 9 Release history for add-on adapted to clusters 1.25
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 6 Release history for the add-on adapted to clusters 1.27
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.25.88
                                              
+
                                              1.27.55
                                              
 
                                              v1.25
                                              
+
                                              v1.27
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.25.0
                                              
+
                                              1.27.1
                                              
                                               		
 
                                              1.25.86
                                              
+
                                              1.27.53
                                              
 
                                              v1.25
                                              
+
                                              v1.27
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.25.0
                                              
+
                                              1.27.1
                                              
                                               		
 
                                              1.25.84
                                              
+
                                              1.27.51
                                              
 
                                              v1.25
                                              
+
                                              v1.27
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.25.0
                                              
+
                                              1.27.1
                                              
                                               		
 
                                              1.25.46
                                              
+
                                              1.27.14
                                              
 
                                              v1.25
                                              
+
                                              v1.27
                                              
 
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
+
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
 
                                              1.25.0
                                              
-
                                              1.25.21
                                              
-
                                              v1.25
                                              
-
                                              • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
-
                                              1.25.0
                                              
-
                                              1.25.7
                                              
-
                                              v1.25
                                              
-
                                              • CCE clusters 1.25 are supported.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
-
                                              1.25.0
                                              
+
                                              1.27.1
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 10 Release history for add-on adapted to clusters 1.23
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 7 Release history for the add-on adapted to clusters 1.25
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.23.95
                                              
+
                                              1.25.88
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              1.23.93
                                              
+
                                              1.25.86
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              1.23.91
                                              
+
                                              1.25.84
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              1.23.54
                                              
+
                                              1.25.46
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
+
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
 
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              1.23.31
                                              
+
                                              1.25.21
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
+
                                              • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
 
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              1.23.17
                                              
+
                                              1.25.7
                                              
 
                                              v1.23
                                              
+
                                              v1.25
                                              
 
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
+
                                              • CCE clusters 1.25 are supported.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
 
                                              1.23.0
                                              
-
                                              1.23.10
                                              
-
                                              v1.23
                                              
-
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
-
                                              1.23.0
                                              
+
                                              1.25.0
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 11 Release history for add-on adapted to clusters 1.21
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 8 Release history for the add-on adapted to clusters 1.23
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.21.89
                                              
+
                                              1.23.95
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.87
                                              
+
                                              1.23.93
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              Fixed some issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.86
                                              
+
                                              1.23.91
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              Fixed the issue that the node pool auto scaling cannot meet expectations after AZ topology constraints are configured for nodes.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.51
                                              
+
                                              1.23.54
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
+
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.29
                                              
+
                                              1.23.31
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                              • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                              • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
+
                                              • Fixed the issue that the autoscaler's least-waste is disabled by default.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.16
                                              
+
                                              1.23.17
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
+
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
 
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              1.21.9
                                              
+
                                              1.23.10
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
 
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
+
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
 
                                              1.21.0
                                              
-
                                              1.21.1
                                              
-
                                              v1.21
                                              
-
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
-
                                              1.21.0
                                              
+
                                              1.23.0
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 12 Release history for add-on adapted to clusters 1.19
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 9 Release history for the add-on adapted to clusters 1.21
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.19.76
                                              
+
                                              1.21.89
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              • Optimized the method of identifying GPUs and NPUs.
                                              • Used the remaining node quota of a cluster for the extra nodes that are beyond the cluster scale.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.56
                                              
+
                                              1.21.87
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
+
                                              Fixed some issues.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.35
                                              
+
                                              1.21.86
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                              • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                              • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
+
                                              Fixed the issue that the node pool auto scaling cannot meet expectations after AZ topology constraints are configured for nodes.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.22
                                              
+
                                              1.21.51
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
+
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.14
                                              
+
                                              1.21.29
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
+
                                              • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                              • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                              • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.11
                                              
+
                                              1.21.16
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.
                                              
+
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.8
                                              
+
                                              1.21.9
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
+
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              1.19.7
                                              
+
                                              1.21.1
                                              
 
                                              v1.19
                                              
+
                                              v1.21
                                              
 
                                              Regular upgrade of add-on dependencies
                                              
+
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
 
                                              1.19.0
                                              
+
                                              1.21.0
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Table 13 Release history for add-on adapted to clusters 1.17
                                              Add-on Version
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
                                              Table 10 Release history for the add-on adapted to clusters 1.19
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
 
                                              Community Version
                                              
+
                                              Community Version
                                              
                                               		
 
                                              
 
                                              1.17.27
                                              
+
                                              1.19.76
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              • Optimized logging.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Fixed the issue that taints on newly added nodes are overwritten.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
+
                                              • Optimized the method of identifying GPUs and NPUs.
                                              • Used the remaining node quota of a cluster for the extra nodes that are beyond the cluster scale.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
                                               		
 
                                              1.17.22
                                              
+
                                              1.19.56
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              Optimized logging.
                                              
+
                                              Fixed the scale-in failure of nodes of different specifications in the same node pool and unexpected PreferNoSchedule taint issues.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
                                               		
 
                                              1.17.19
                                              
+
                                              1.19.35
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.
                                              
+
                                              • Supported anti-affinity scheduling of add-on pods on nodes in different AZs.
                                              • Added the tolerance time during which the pods with temporary storage volumes cannot be scheduled.
                                              • Fixed the issue that the number of node pools cannot be restored when scaling group resources are insufficient.
                                              • Fixed the issue that the node pool cannot be switched to another pool for scaling out after a scale-out failure and the add-on has to restart.
                                              • The default taint tolerance duration is changed to 60s.
                                              • Fixed the issue that scale-out is still triggered after the scale-out rule is disabled.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
                                               		
 
                                              1.17.16
                                              
+
                                              1.19.22
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
+
                                              • Supported node scaling policies without a step.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Supported the emptyDir scheduling policy.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
                                               		
 
                                              1.17.15
                                              
+
                                              1.19.14
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              Unified resource specification configuration unit.
                                              
+
                                              • Optimized logging.
                                              • Supported scale-in waiting so that operations such as data dump can be performed before a node is deleted.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
                                               		
 
                                              1.17.2
                                              
+
                                              1.19.11
                                              
 
                                              v1.17
                                              
+
                                              v1.19
                                              
 
                                              Clusters 1.17 are supported.
                                              
+
                                              Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.
                                              
 
                                              1.17.0
                                              
+
                                              1.19.0
                                              
+
                                              1.19.8
                                              
+
                                              v1.19
                                              
+
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
+
                                              1.19.0
                                              
+
                                              1.19.7
                                              
+
                                              v1.19
                                              
+
                                              Regular upgrade of add-on dependencies
                                              
+
                                              1.19.0
                                              
+
                                              
+
                                              
+
+
                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0175.html b/docs/cce/umn/cce_10_0175.html
index fbf9480f0..daf8e5794 100644
--- a/docs/cce/umn/cce_10_0175.html
+++ b/docs/cce/umn/cce_10_0175.html
@@ -3,7 +3,7 @@
 
                                              Accessing a Cluster Using an X.509 Certificate
                                              Scenario
                                              This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.
                                              
 
                                              
-
                                              Procedure
                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                              2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                              3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                Figure 1 Downloading a certificate
                                                
+
                                                Procedure
                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                2. On the Overview page, locate the Connection Info area, and click Download next to X.509 certificate.
                                                3. In the Obtain Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                  Figure 1 Downloading a certificate
                                                  
 
                                                   
                                                  • The downloaded certificate contains three files: client.key, client.crt, and ca.crt. Keep these files secure.
                                                  • Certificates are not required for mutual access between containers in a cluster.
                                                  
 
                                                  
 
                                                4. Call native Kubernetes APIs using the cluster certificate.
                                                  For example, run the curl command to call an API to obtain the pod information. In the following information, 192.168.0.18:5443 indicates the private IP address or EIP and port number of the API server in the cluster.
                                                  
diff --git a/docs/cce/umn/cce_10_0178.html b/docs/cce/umn/cce_10_0178.html
index 9643e14fb..a538e3088 100644
--- a/docs/cce/umn/cce_10_0178.html
+++ b/docs/cce/umn/cce_10_0178.html
@@ -11,6 +11,7 @@
 
                                                  When the memory consumed by all pods on a node increases, the following behaviors may occur:
                                                  
 
                                                  1. When the available memory of the node is lower than the eviction threshold, kubelet is triggered to evict the pod. For details about the eviction threshold in Kubernetes, see Node-pressure Eviction.
                                                  2. If a node triggers an OS memory insufficiency event (OOM) before kubelet reclaims memory, the system terminates the container. However, different from pod eviction, kubelet restarts the container based on the RestartPolicy of the pod.
                                                  
 
                                                  Rules v1 for Reserving Node Memory
                                                   
                                                  For clusters of versions earlier than v1.21.4-r0 and v1.23.3-r0, the v1 model is used for node memory reservation. For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to v2. For details, see Rules for Reserving Node Memory v2.
                                                  
+
                                                  Upgrading the cluster to v1.21.4-r0, v1.23.3-r0, or a later version may result in the eviction of the workload on a node that is already fully utilized. This is because system components will need more reserved resources.
                                                  
 
                                                  
 
                                                  You can use the following formula calculate how much memory you should reserve for running containers on a node:
                                                  
 
                                                  Total reserved amount = Reserved memory for system components + Reserved memory for kubelet to manage pods
                                                  
diff --git a/docs/cce/umn/cce_10_0180.html b/docs/cce/umn/cce_10_0180.html
index edae631ab..441ef9c43 100644
--- a/docs/cce/umn/cce_10_0180.html
+++ b/docs/cce/umn/cce_10_0180.html
@@ -22,65 +22,64 @@
 
                                                  
 
                                                  Node Lifecycle
                                                  A lifecycle indicates the node statuses recorded from the time when the node is created through the time when the node is deleted or released.
                                                  
 
-
                                              Table 11 Release history for the add-on adapted to clusters 1.17
                                              Add-on Version
                                              
+
                                              Supported Cluster Version
                                              
+
                                              New Feature
                                              
+
                                              Community Version
                                              
+
                                              1.17.27
                                              
+
                                              v1.17
                                              
+
                                              • Optimized logging.
                                              • Fixed a bug so that deleted node pools are automatically removed.
                                              • Supported scheduling by priority.
                                              • Fixed the issue that taints on newly added nodes are overwritten.
                                              • Fixed a bug so that scale-in can be triggered on the nodes whose capacity is lower than the scale-in threshold when the node scaling policy is disabled.
                                              • Modified the memory request and limit of a customized flavor.
                                              • Enabled to report an event indicating that scaling cannot be performed in a node pool with auto scaling disabled.
                                              
+
                                              1.17.0
                                              
+
                                              1.17.22
                                              
+
                                              v1.17
                                              
+
                                              Optimized logging.
                                              
+
                                              1.17.0
                                              
+
                                              1.17.19
                                              
+
                                              v1.17
                                              
+
                                              Fixed the issue that authentication fails due to incorrect signature in the add-on request retries.
                                              
+
                                              1.17.0
                                              
+
                                              1.17.16
                                              
+
                                              v1.17
                                              
+
                                              Fixed the issue that the node pool modification in the existing periodic auto scaling rule does not take effect.
                                              
+
                                              1.17.0
                                              
+
                                              1.17.15
                                              
+
                                              v1.17
                                              
+
                                              Unified resource specification configuration unit.
                                              
+
                                              1.17.0
                                              
+
                                              1.17.2
                                              
+
                                              v1.17
                                              
+
                                              Clusters 1.17 are supported.
                                              
+
                                              1.17.0
                                              
                                               		
 
                                              
                                               
 
                                              Table 1 Node statuses
                                              Status
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0184.html b/docs/cce/umn/cce_10_0184.html
index daaf7c590..6410c7eb5 100644
--- a/docs/cce/umn/cce_10_0184.html
+++ b/docs/cce/umn/cce_10_0184.html
@@ -4,10 +4,9 @@
 
                                              Scenario
                                              Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifying node specifications will affect services. Perform the operation on nodes one by one.
                                              
 
                                              Some information of CCE nodes is maintained independently from the ECS console. After you change the name, EIP, or specifications of an ECS on the ECS console, synchronize the ECS with the target node on the CCE console. After the synchronization, information on both consoles is consistent.
                                              
 
                                              
-
                                              Notes and Constraints
                                              • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                              • Data, such as the OS and image ID, cannot be synchronized. (Such parameters cannot be modified on the ECS console.)
                                              
+
                                              Notes and Constraints
                                              • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                              • The following data cannot be synchronized: OS, image ID, and disk configuration.
                                              
 
                                              
-
                                              Synchronizing the Data of a Cloud Server
                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                              2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                              3. Locate the target node and choose More > Sync Server Data in the Operation column.
                                                Figure 1 Synchronizing server data
                                                
-
                                                After the synchronization is complete, the ECS data synchronization requested message is displayed in the upper right corner.
                                                
+
                                                Synchronizing the Data of a Cloud Server
                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                3. Locate the target node and choose More > Sync Server Data in the Operation column.
                                                  After the synchronization is complete, the ECS data synchronization requested message is displayed in the upper right corner.
                                                  
 
                                                
 
                                                
 
                                              
diff --git a/docs/cce/umn/cce_10_0185.html b/docs/cce/umn/cce_10_0185.html
index 794cf3c96..4bb3462ba 100644
--- a/docs/cce/umn/cce_10_0185.html
+++ b/docs/cce/umn/cce_10_0185.html
@@ -1,7 +1,7 @@
 
 
 
                                              Logging In to a Node
                                              
-
                                              Notes and Constraints
                                              • If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).
                                              • Only login to a running ECS is allowed.
                                              • Only the user linux can log in to a Linux server.
                                              
+
                                              Prerequisites
                                              • Before you log in to a node using SSH, ensure that the SSH port (22 by default) is enabled in the security group of the node. 
                                              • Before you log in to a node (an ECS) using SSH through the Internet, ensure that the ECS already has an EIP bound.
                                              • Only login to a running ECS is allowed.
                                              • Only the user linux can log in to a Linux server.
                                              
 
                                              
 
                                              Login Modes
                                              You can log in to an ECS in either of the following modes:
                                              
 
                                              • Management console (VNC)
                                                If an ECS has no EIP, log in to the ECS console and click Remote Login in the same row as the ECS.
                                                
diff --git a/docs/cce/umn/cce_10_0187.html b/docs/cce/umn/cce_10_0187.html
index 2e990cdfd..b4b8de8ee 100644
--- a/docs/cce/umn/cce_10_0187.html
+++ b/docs/cce/umn/cce_10_0187.html
@@ -9,7 +9,7 @@
 
                                              
 
                                              
 
                                              In general, you configure CCE permissions in two scenarios. The first is creating and managing clusters and related resources, such as nodes. The second is creating and using Kubernetes resources in the cluster, such as workloads and Services.
                                              
-
                                              Figure 1 Illustration on CCE permissions
                                              
+
                                              Figure 1 Illustration on CCE permissions
                                              
 
                                              These permissions allow you to manage resource users at a finer granularity.
                                              
 
                                              
 
                                              Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)
                                              Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.
                                              
diff --git a/docs/cce/umn/cce_10_0188.html b/docs/cce/umn/cce_10_0188.html
index 2b215fa57..5c9b545d4 100644
--- a/docs/cce/umn/cce_10_0188.html
+++ b/docs/cce/umn/cce_10_0188.html
@@ -2,18 +2,20 @@
 
 
                                              Granting Cluster Permissions to an IAM User
                                              
 
                                              CCE cluster-level permissions are assigned based on IAM system policies and custom policies. You can use user groups to assign permissions to IAM users.
                                              
-
                                               
                                              • Cluster permissions are granted to users for operating cluster-related resources only (such as clusters and nodes). To operate Kubernetes resources like workloads and Services, you must be granted the namespace permissions at the same time.
                                              • When viewing a cluster on the CCE console, the information displayed depends on the namespace permissions. If you have no namespace permissions, you cannot view the resources in the cluster. For details, see Permission Dependency of the CCE Console.
                                              
+
                                               
                                              • Cluster permissions are granted to users for operating cluster-related resources only (such as clusters and nodes). To operate Kubernetes resources like workloads and Services, you must be granted the namespace permissions as well.
                                              • When viewing a cluster on the CCE console, the information displayed depends on the namespace permissions. If you have no namespace permissions, you cannot view the resources in the cluster. For details, see Permission Dependency of the CCE Console.
                                              
 
                                              
 
                                              Prerequisites
                                              • A user with the Security Administrator role (for example, your account) has all IAM permissions except role switching. Only these users can view user groups and their permissions on the Permissions page on the CCE console.
                                              
 
                                              
 
                                              Configuration
                                              On the CCE console, when you choose Permissions > Cluster-Level Permissions to create a user group, you will be directed to the IAM console to complete the process. After the user group is created and its permissions are configured, you can view the information on the Cluster-Level Permissions tab page. This section describes the operations in IAM.
                                              
 
                                              
-
                                              Process Flow
                                              Figure 1 Process of assigning CCE permissions
                                              
+
                                              Process Flow
                                              Figure 1 Process of assigning CCE permissions
                                              
 
                                              
 
                                              1. Create a user group and assign permissions to it.
                                                Create a user group on the IAM console, and assign CCE permissions, for example, the CCE ReadOnlyAccess policy to the group.
                                                
 
                                                 
                                                CCE is deployed by region. On the IAM console, select Region-specific projects when assigning CCE permissions.
                                                
 
                                                
 
                                              2. Create a user and add it to a user group.
                                                Create a user on the IAM console and add the user to the group created in 1.
                                                
+
                                                 
                                                IAM users need programmatic and management console access to use CCE.
                                                
+
                                                
 
                                              3. Log in and verify permissions.
                                                Log in to the management console as the user you created, and verify that the user has the assigned permissions.
                                                
 
                                                • Log in to the management console, switch to the CCE console, and create a cluster. If you fail to do so (assuming that only the CCE ReadOnlyAccess permission is assigned), the CCE ReadOnlyAccess policy has already taken effect.
                                                • Switch to the console of any other service. If a message appears indicating that you do not have the required permissions for accessing the service, the CCE ReadOnlyAccess policy has already taken effect.
                                                
 
                                              
@@ -23,7 +25,7 @@
 
                                              
 
                                              System-defined Policies
                                              The system policies preset for CCE in IAM are CCE FullAccess and CCE ReadOnlyAccess.
                                              
 
                                              • CCE FullAccess: common operation permissions on CCE cluster resources, excluding the namespace-level permissions for the clusters (with Kubernetes RBAC enabled) and the privileged administrator operations, such as agency configuration and cluster certificate generation
                                              • CCE ReadOnlyAccess: permissions to view CCE cluster resources, excluding the namespace-level permissions of the clusters (with Kubernetes RBAC enabled)
                                              
-
                                               
                                              The CCE Admin and CCE Viewer roles will be discarded soon. You are advised to use CCE FullAccess and CCE ReadOnlyAccess.
                                              
+
                                               
                                              The CCE Admin and CCE Viewer roles will be discarded soon. Use CCE FullAccess and CCE ReadOnlyAccess.
                                              
 
                                              
 
                                              
 
                                              Custom Policies
                                              Custom policies can be created as a supplement to the system-defined policies of CCE. 
                                              
@@ -82,7 +84,7 @@
 
                                              
 
                                              
 
                                              When RBAC and IAM policies co-exist, the backend authentication logic for open APIs or console operations on CCE is as follows.
                                              
-
                                              
+
                                              
 
                                              
 
                                              
 
                                              
diff --git a/docs/cce/umn/cce_10_0189.html b/docs/cce/umn/cce_10_0189.html
index 2fa073f74..1225e64f9 100644
--- a/docs/cce/umn/cce_10_0189.html
+++ b/docs/cce/umn/cce_10_0189.html
@@ -4,7 +4,7 @@
 
                                              Namespace Permissions (Kubernetes RBAC-based)
                                              You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. The RBAC API declares four kinds of Kubernetes objects: Role, ClusterRole, RoleBinding, and ClusterRoleBinding, which are described as follows:
                                              
 
                                              • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                              • RoleBinding: defines the relationship between users and roles.
                                              • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                              • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                              
 
                                              Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. Illustration:
                                              
-
                                              Figure 1 Role binding
                                              
+
                                              Figure 1 Role binding
                                              
 
                                              On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                              • view (read-only): read-only permission on most resources in all or selected namespaces.
                                              • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                              • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                              • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                              • drainage-editor: drain a node.
                                              • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                              
 
                                              
 
                                              In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant the permissions to add, delete, modify, and obtain global resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) in namespaces for refined permission control.
                                              
@@ -110,7 +110,7 @@ Error from server (Forbidden): services is forbidden: User "0c97ac3cb280f4d91fa7
 Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
 
                                              
 
                                              Example: Assigning Cluster Administrator Permissions (cluster-admin)
                                              You can use the cluster-admin role to assign all permissions on a cluster. This role contains the permissions for all cluster resources.
                                              
-
                                              In the following example kubectl output, a ClusterRoleBinding has been created and binds the cluster-admin role to the user group cce-role-group.
                                              
+
                                              In the following example kubectl output, a ClusterRoleBinding has been created and the cluster-admin role is bound to the user group cce-role-group.
                                              
 
                                              # kubectl get clusterrolebinding
 NAME                                                              ROLE                           AGE
 clusterrole_cluster-admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/cluster-admin      61s
diff --git a/docs/cce/umn/cce_10_0191.html b/docs/cce/umn/cce_10_0191.html
index ae30fb9b5..885e59f96 100644
--- a/docs/cce/umn/cce_10_0191.html
+++ b/docs/cce/umn/cce_10_0191.html
@@ -1,12 +1,12 @@
 
 
-
                                              Overview
                                              
+
                                              Overview of a Chart
                                              
 
                                              CCE provides a console for managing Helm charts, helping you easily deploy applications using the charts and manage applications on the console. 
                                              
 
                                              Helm
                                              Helm is a package manager for Kubernetes and manages charts. A Helm chart is a series of YAML files used to encapsulate native Kubernetes applications. When deploying an application, you can customize some metadata of the application for easy application distribution. Application releasors can use Helm to package applications, manage application dependencies and application versions, and release applications to the software repository. After using Helm, users do not need to compile complex application deployment files. They can easily search for, install, upgrade, roll back, and uninstall applications on Kubernetes.
                                              
 
                                              The relationship between Helm and Kubernetes is as follows:
                                              
 
                                              • Helm <–> Kubernetes
                                              • Apt <–> Ubuntu
                                              • Yum <–> CentOS
                                              • Pip <–> Python
                                              
 
                                              The following figure shows the solution architecture:
                                              
-
                                              
+
                                              
 
                                              Helm can help application orchestration for Kubernetes:
                                              
 
                                              • Manages, edits, and updates a large number of Kubernetes configuration files.
                                              • Deploys a complex Kubernetes application that contains a large number of configuration files.
                                              • Shares and reuses Kubernetes configurations and applications.
                                              • Supports multiple environments with parameter-based configuration templates.
                                              • Manages the release of applications, including rolling back the application, finding differences (using the diff command), and viewing the release history.
                                              • Controls phases in a deployment cycle.
                                              • Tests and verifies the released version.
                                              
 
                                              
diff --git a/docs/cce/umn/cce_10_0193.html b/docs/cce/umn/cce_10_0193.html
index 4e30661a1..722d7ec2c 100644
--- a/docs/cce/umn/cce_10_0193.html
+++ b/docs/cce/umn/cce_10_0193.html
@@ -10,147 +10,151 @@
 
                                               
                                              When using Volcano as a scheduler, use it to schedule all workloads in the cluster. This prevents resource scheduling conflicts caused by simultaneous working of multiple schedulers.
                                              
 
                                              
 
                                              
-
                                              Installing the Add-on
                                              1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Install.
                                              2. On the Install Add-on page, configure the specifications.
                                                
-
                                              Table 1 Node statuses
                                              Status
                                              
 
                                              Status Attribute
                                              
+
                                              Status Attribute
                                              
 
                                              Description
                                              
+
                                              Description
                                              
                                               		
 
                                              
 
                                              Running
                                              
+
                                              Running
                                              
 
                                              Stable state
                                              
+
                                              Stable state
                                              
 
                                              The node is running properly and is connected to the cluster.
                                              
+
                                              The node is running properly and is connected to the cluster.
                                              
 
                                              Nodes in this state can provide services.
                                              
                                               		
 
                                              Unavailable
                                              
+
                                              Unavailable
                                              
 
                                              Stable state
                                              
+
                                              Stable state
                                              
 
                                              The node is not running properly.
                                              
-
                                              Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                              
+
                                              The node is not functioning correctly, which includes being in a stopped state.
                                              
+
                                              Instances in this state cannot provide services.
                                              
                                               		
 
                                              Creating
                                              
+
                                              Creating
                                              
 
                                              Intermediate state
                                              
+
                                              Intermediate state
                                              
 
                                              The node has been created but is not running.
                                              
+
                                              The node has been created but is not running.
                                              
                                               		
 
                                              Installing
                                              
+
                                              Installing
                                              
 
                                              Intermediate state
                                              
+
                                              Intermediate state
                                              
 
                                              The Kubernetes software is being installed on the node.
                                              
+
                                              The Kubernetes software is being installed on the node.
                                              
                                               		
 
                                              Deleting
                                              
+
                                              Upgrading
                                              
 
                                              Intermediate state
                                              
+
                                              Intermediate state
                                              
 
                                              The node is being deleted.
                                              
+
                                              The node is being upgraded.
                                              
+
                                              Deleting
                                              
+
                                              Intermediate state
                                              
+
                                              The node is being deleted.
                                              
 
                                              If this state stays for a long time, an exception occurred.
                                              
                                               		
 
                                              Stopped
                                              
+
                                              Error
                                              
 
                                              Stable state
                                              
+
                                              Stable state
                                              
 
                                              The node is stopped properly.
                                              
-
                                              A node in this state cannot provide services. You can start the node on the ECS console.
                                              
-
                                              Error
                                              
-
                                              Stable state
                                              
-
                                              The node is abnormal.
                                              
+
                                              The node is abnormal.
                                              
 
                                              Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                              
                                               		
 
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 1 Add-on configuration
                                              Parameter
                                              
-
                                              Description
                                              
-
                                              Add-on Specifications
                                              
-
                                              Select Standalone, Custom, or HA for Add-on Specifications.
                                              
-
                                              Pods
                                              
-
                                              Number of pods that will be created to match the selected add-on specifications.
                                              
-
                                              If you select Custom, you can adjust the number of pods as required.
                                              
-
                                              High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                              
-
                                              Containers
                                              
-
                                              CPU and memory quotas of the container allowed for the selected add-on specifications.
                                              
-
                                              If you select Custom, the recommended values for volcano-controller and volcano-scheduler are as follows:
                                              
-
                                              • If the number of nodes is less than 100, retain the default configuration. The requested vCPUs are 500m, and the limit is 2000m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                              • If the number of nodes is greater than 100, increase the requested vCPUs by 500m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the vCPU limit by 1500m and the memory limit by 1000 MiB.
                                                 NOTE: 
                                                Recommended formula for calculating the requested value:
                                                
-
                                                • Requested vCPUs: Calculate the number of target nodes multiplied by the number of target pods, perform interpolation search based on the number of nodes in the cluster multiplied by the number of target pods in Table 2, and round up the request value and limit value that are closest to the specifications.
                                                  For example, for 2000 nodes and 20,000 pods, Number of target nodes x Number of target pods = 40 million, which is close to the specification of 700/70,000 (Number of cluster nodes x Number of pods = 49 million). According to the following table, set the requested vCPUs to 4000m and the limit value to 5500m.
                                                  
-
                                                • Requested memory: It is recommended that 2.4 GiB memory be allocated to every 1000 nodes and 1 GiB memory be allocated to every 10,000 pods. The requested memory is the sum of these two values. (The obtained value may be different from the recommended value in Table 2. You can use either of them.)
                                                  Requested memory = Number of target nodes/1000 x 2.4 GiB + Number of target pods/10,000 x 1 GiB
                                                  
-
                                                  For example, for 2000 nodes and 20,000 pods, the requested memory is 6.8 GiB (2000/1000 x 2.4 GiB + 20,000/10,000 x 1 GiB).
                                                  
+
                                                  Installing the Add-on
                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Volcano Scheduler on the right, and click Install.
                                                  2. On the Install Add-on page, configure the specifications as needed.
                                                    • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                                    • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                      The resource quotas of the volcano-admission component are irrelevant to the number of cluster nodes and pods. You can retain the default value. The resource quotas of volcano-controller and volcano-scheduler are related to the number of cluster nodes and pods. The recommended values are as follows:
                                                      
+
                                                      • If the number of nodes is less than 100, retain the default configuration. The requested vCPUs are 500m, and the limit is 2000m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                      • If the number of nodes is greater than 100, increase the requested vCPUs by 500m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the vCPU limit by 1500m and the memory limit by 1000 MiB.
                                                         
                                                        Recommended formula for calculating the requested value:
                                                        
+
                                                        • Requested vCPUs: Calculate the number of target nodes multiplied by the number of target pods, perform interpolation search based on the number of nodes in the cluster multiplied by the number of target pods in Table 1, and round up the request value and limit value that are closest to the specifications.
                                                          For example, for 2000 nodes and 20,000 pods, Number of target nodes x Number of target pods = 40 million, which is close to the specification of 700/70,000 (Number of cluster nodes x Number of pods = 49 million). According to the following table, set the requested vCPUs to 4000m and the limit value to 5500m.
                                                          
+
                                                        • Requested memory: It is recommended that 2.4 GiB memory be allocated to every 1000 nodes and 1 GiB memory be allocated to every 10,000 pods. The requested memory is the sum of these two values. (The obtained value may be different from the recommended value in Table 1. You can use either of them.)
                                                          Requested memory = Number of target nodes/1000 x 2.4 GiB + Number of target pods/10,000 x 1 GiB
                                                          
+
                                                          For example, for 2000 nodes and 20,000 pods, the requested memory is 6.8 GiB (2000/1000 x 2.4 GiB + 20,000/10,000 x 1 GiB).
                                                          
 
                                                        
 
                                                        
 
                                                      
-
                                              
-
                                              
 
-
                                              Table 2 Recommended values for volcano-controller and volcano-scheduler
                                              Nodes/Pods in a Cluster
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 1 Recommended requested resources and resource limits for volcano-controller and volcano-scheduler
                                              Nodes/Pods in a Cluster
                                              
 
                                              Requested vCPUs (m)
                                              
+
                                              CPU Request (m)
                                              
 
                                              vCPU Limit (m)
                                              
+
                                              CPU Limit (m)
                                              
 
                                              Requested Memory (MiB)
                                              
+
                                              Memory Request (MiB)
                                              
 
                                              Memory Limit (MiB)
                                              
+
                                              Memory Limit (MiB)
                                              
                                               		
 
                                              
 
                                              50/5000
                                              
+
                                              50/5000
                                              
 
                                              500
                                              
+
                                              500
                                              
 
                                              2000
                                              
+
                                              2000
                                              
 
                                              500
                                              
+
                                              500
                                              
 
                                              2000
                                              
+
                                              2000
                                              
                                               		
 
                                              100/10,000
                                              
+
                                              100/10000
                                              
 
                                              1000
                                              
+
                                              1000
                                              
 
                                              2500
                                              
+
                                              2500
                                              
 
                                              1500
                                              
+
                                              1500
                                              
 
                                              2500
                                              
+
                                              2500
                                              
                                               		
 
                                              200/20,000
                                              
+
                                              200/20000
                                              
 
                                              1500
                                              
+
                                              1500
                                              
 
                                              3000
                                              
+
                                              3000
                                              
 
                                              2500
                                              
+
                                              2500
                                              
 
                                              3500
                                              
+
                                              3500
                                              
                                               		
 
                                              300/30,000
                                              
+
                                              300/30000
                                              
 
                                              2000
                                              
+
                                              2000
                                              
 
                                              3500
                                              
+
                                              3500
                                              
 
                                              3500
                                              
+
                                              3500
                                              
 
                                              4500
                                              
+
                                              4500
                                              
                                               		
 
                                              400/40,000
                                              
+
                                              400/40000
                                              
 
                                              2500
                                              
+
                                              2500
                                              
 
                                              4000
                                              
+
                                              4000
                                              
 
                                              4500
                                              
+
                                              4500
                                              
 
                                              5500
                                              
+
                                              5500
                                              
                                               		
 
                                              500/50,000
                                              
+
                                              500/50000
                                              
 
                                              3000
                                              
+
                                              3000
                                              
 
                                              4500
                                              
+
                                              4500
                                              
 
                                              5500
                                              
+
                                              5500
                                              
 
                                              6500
                                              
+
                                              6500
                                              
                                               		
 
                                              600/60,000
                                              
+
                                              600/60000
                                              
 
                                              3500
                                              
+
                                              3500
                                              
 
                                              5000
                                              
+
                                              5000
                                              
 
                                              6500
                                              
+
                                              6500
                                              
 
                                              7500
                                              
+
                                              7500
                                              
                                               		
 
                                              700/70,000
                                              
+
                                              700/70000
                                              
 
                                              4000
                                              
+
                                              4000
                                              
 
                                              5500
                                              
+
                                              5500
                                              
 
                                              7500
                                              
+
                                              7500
                                              
 
                                              8500
                                              
+
                                              8500
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
-
                                            5. Configure the add-on parameters.
                                              • Application Scaling Priority Policy: After this function is enabled, application scale-in is performed based on the default priority policy and customized policies. If application scale-out is required, you need to set the default scheduler of the cluster to volcano. 
                                              • Advanced Settings: You can configure the default scheduler parameters. For details, see Table 4.
                                              
-
                                              Example:
                                              colocation_enable: ''
+
                                              6. 
+
                                            6. Configure the extended functions supported by the add-on.
                                              • Descheduling: After this function is enabled, the volcano-descheduler component is automatically deployed. The scheduler will evict and reschedule pods that do not meet your policy configuration requirements. This helps to balance cluster load and reduce resource fragmentation. For details, see Descheduling.
                                              • Hybrid Service Deployment: After this function is enabled, the volcano-agent component is automatically deployed in the node pool with the hybrid deployment capability enabled, which improves resource utilization by ensuring node QoS, enabling CPU bursts, and allowing for dynamic resource oversubscription. This helps to reduce resource usage costs. 
                                              • NUMA Topology Scheduling: After this function is enabled, the resource-exporter component is automatically deployed. The scheduler will schedule pods in NUMA affinity mode, which enhances the performance of high-performance training jobs. For details, see NUMA Affinity Scheduling.
                                              
+
                                            7. Configure deployment policies for the add-on pods.
                                               
                                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                              
+
                                              
+
+
                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                              Table 2 Configurations for add-on scheduling
                                              Parameter
                                              
+
                                              Description
                                              
+
                                              Multi-AZ Deployment
                                              
+
                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                              • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                              
+
                                              Node Affinity
                                              
+
                                              • Not configured: Node affinity is disabled for the add-on.
                                              • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                
+
                                              
+
                                              Toleration
                                              
+
                                              Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                              
+
                                              The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.
                                              
+
                                              For details, see Configuring Tolerance Policies.
                                              
+
                                              
+
                                              
+
                                            8. Click Install.
                                              After the add-on is installed, you can choose Settings in the navigation pane, switch to the Scheduling tab, select Volcano scheduler, and find the corresponding expert mode. You can customize advanced scheduling policies based on actual service scenarios. The following is an example:
                                              colocation_enable: ''
 default_scheduler_conf:
   actions: 'allocate, backfill, preempt'
   tiers:
@@ -187,65 +191,65 @@ tolerations:
     operator: Exists
     tolerationSeconds: 60
                                              
 
-
                                              Table 3 Advanced Volcano configuration parameters
                                              Plugin
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 3 Advanced Volcano configuration parameters
                                              Plugin
                                              
 
                                              Function
                                              
+
                                              Function
                                              
 
                                              Description
                                              
+
                                              Description
                                              
 
                                              Demonstration
                                              
+
                                              Demonstration
                                              
                                               		
 
                                              
 
                                              colocation_enable
                                              
+
                                              colocation_enable
                                              
 
                                              Whether to enable hybrid deployment.
                                              
+
                                              Whether to enable hybrid deployment.
                                              
 
                                              Value:
                                              
-
                                              • true: hybrid enabled
                                              • false: hybrid disabled
                                              
+
                                              Value:
                                              
+
                                              • true: hybrid enabled
                                              • false: hybrid disabled
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              default_scheduler_conf
                                              
+
                                              default_scheduler_conf
                                              
 
                                              Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.
                                              
+
                                              Used to schedule pods. It consists of a series of actions and plugins and features high scalability. You can specify and implement actions and plugins based on your requirements.
                                              
 
                                              It consists of actions and tiers.
                                              
-
                                              • actions: defines the types and sequence of actions to be executed by the scheduler.
                                              • tiers: configures the plugin list.
                                              
+
                                              It consists of actions and tiers.
                                              
+
                                              • actions: defines the types and sequence of actions to be executed by the scheduler.
                                              • tiers: configures the plugin list.
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              actions
                                              
+
                                              actions
                                              
 
                                              Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.
                                              
-
                                              The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, and backfill in the configured sequence to find the most appropriate node for each job.
                                              
+
                                              Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.
                                              
+
                                              The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, and backfill in the configured sequence to find the most appropriate node for each job.
                                              
 
                                              The following options are supported:
                                              
-
                                              • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                              • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                              • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                              • backfill: schedules pending tasks as much as possible to maximize the utilization of node resources.
                                              
+
                                              The following options are supported:
                                              
+
                                              • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                              • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                              • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                              • backfill: schedules pending tasks as much as possible to maximize the utilization of node resources.
                                              
 
                                              actions: 'allocate, backfill, preempt'
                                              
-
                                               NOTE: 
                                              When configuring actions, use either preempt or enqueue.
                                              
+
                                              actions: 'allocate, backfill, preempt'
                                              
+
                                               NOTE: 
                                              When configuring actions, use either preempt or enqueue.
                                              
 
                                              
                                               		
 
                                              plugins
                                              
+
                                              plugins
                                              
 
                                              Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.
                                              
+
                                              Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.
                                              
 
                                              For details, see Table 4.
                                              
+
                                              For details, see Table 4.
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              tolerations
                                              
+
                                              tolerations
                                              
 
                                              Tolerance of the add-on to node taints.
                                              
+
                                              Tolerance of the add-on to node taints.
                                              
 
                                              By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.
                                              
+
                                              By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.
                                              
 
                                              tolerations:
+
                                              tolerations:
   - effect: NoExecute
     key: node.kubernetes.io/not-ready
     operator: Exists
@@ -260,25 +264,25 @@ tolerations:
 
                                              
 
                                              
 
-
                                              Table 4 Supported plugins
                                              Plugin
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -535,40 +539,10 @@ tolerations:
 
                                              Table 4 Supported plugins
                                              Plugin
                                              
 
                                              Function
                                              
+
                                              Function
                                              
 
                                              Description
                                              
+
                                              Description
                                              
 
                                              Demonstration
                                              
+
                                              Demonstration
                                              
                                               		
 
                                              
 
                                              binpack
                                              
+
                                              binpack
                                              
 
                                              Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.
                                              
+
                                              Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.
                                              
 
                                              arguments:
                                              
-
                                              • binpack.weight: weight of the binpack plugin.
                                              • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                              • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                              • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                              • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                              
+
                                              arguments:
                                              
+
                                              • binpack.weight: weight of the binpack plugin.
                                              • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                              • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                              • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                              • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                              
 
                                              - plugins:
-  - name: binpack
+
                                              - plugins:
+  - name: binpack
     arguments:
       binpack.weight: 10
       binpack.cpu: 1
@@ -288,128 +292,128 @@ tolerations:
       binpack.resources.example.com/foo: 3
                                              
                                               		
 
                                              conformance
                                              
+
                                              conformance
                                              
 
                                              Prevent key pods, such as the pods in the kube-system namespace from being preempted.
                                              
+
                                              Prevent key pods, such as the pods in the kube-system namespace from being preempted.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'priority'
   - name: 'gang'
     enablePreemptable: false
-  - name: 'conformance'
                                              
+  - name: 'conformance'
                                               		
 
                                              lifecycle
                                              
+
                                              lifecycle
                                              
 
                                              By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.
                                              
-
                                              1. Collects statistics on the lifecycle of pods in the service load and schedules pods with similar lifecycles to the same node.
                                              
-
                                              2. For a cluster configured with an automatic scaling policy, adjust the scale-in annotation of the node to preferentially scale in the node with low usage.
                                              
+
                                              By collecting statistics on service scaling rules, pods with similar lifecycles are preferentially scheduled to the same node. With the horizontal scaling capability of the Autoscaler, resources can be quickly scaled in and released, reducing costs and improving resource utilization.
                                              
+
                                              1. Collects statistics on the lifecycle of pods in the service load and schedules pods with similar lifecycles to the same node.
                                              
+
                                              2. For a cluster configured with an automatic scaling policy, adjust the scale-in annotation of the node to preferentially scale in the node with low usage.
                                              
 
                                              arguments:
                                              • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.
                                                Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.
                                                
-
                                              • lifecycle.MaxGrade: The value is an integer greater than or equal to 3 and defaults to 3.
                                                It indicates levels of replicas. For example, if the value is set to 3, the replicas are classified into three levels. If the load changes regularly and periodically, decrease the value. If the load changes irregularly, increase the value. Setting an excessively small value may result in inaccurate lifecycle forecasts.
                                                
-
                                              • lifecycle.MaxScore: float64 floating point number. The value must be greater than or equal to 50.0. The default value is 200.0.
                                                Maximum score (equivalent to the weight) of the lifecycle plugin.
                                                
-
                                              • lifecycle.SaturatedTresh: float64 floating point number. If the value is less than 0.5, use 0.5. If the value is greater than 1, use 1. The default value is 0.8.
                                                Threshold for determining whether the node usage is too high. If the node usage exceeds the threshold, the scheduler preferentially schedules jobs to other nodes.
                                                
+
                                              arguments:
                                              • lifecycle.WindowSize: The value is an integer greater than or equal to 1 and defaults to 10.
                                                Record the number of times that the number of replicas changes. If the load changes regularly and periodically, decrease the value. If the load changes irregularly and the number of replicas changes frequently, increase the value. If the value is too large, the learning period is prolonged and too many events are recorded.
                                                
+
                                              • lifecycle.MaxGrade: The value is an integer greater than or equal to 3 and defaults to 3.
                                                It indicates levels of replicas. For example, if the value is set to 3, the replicas are classified into three levels. If the load changes regularly and periodically, decrease the value. If the load changes irregularly, increase the value. Setting an excessively small value may result in inaccurate lifecycle forecasts.
                                                
+
                                              • lifecycle.MaxScore: float64 floating point number. The value must be greater than or equal to 50.0. The default value is 200.0.
                                                Maximum score (equivalent to the weight) of the lifecycle plugin.
                                                
+
                                              • lifecycle.SaturatedTresh: float64 floating point number. If the value is less than 0.5, use 0.5. If the value is greater than 1, use 1. The default value is 0.8.
                                                Threshold for determining whether the node usage is too high. If the node usage exceeds the threshold, the scheduler preferentially schedules jobs to other nodes.
                                                
 
                                              
 
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: priority
   - name: gang
     enablePreemptable: false
   - name: conformance
-  - name: lifecycle
+  - name: lifecycle
     arguments:
       lifecycle.MaxGrade: 3
       lifecycle.MaxScore: 200.0
       lifecycle.SaturatedTresh: 0.8
       lifecycle.WindowSize: 10
                                              
-
                                               NOTE: 
                                              • For nodes that do not want to be scaled in, manually mark them as long-period nodes and add the annotation volcano.sh/long-lifecycle-node: true to them. For an unmarked node, the lifecycle plugin automatically marks the node based on the lifecycle of the load on the node.
                                              • The default value of MaxScore is 200.0, which is twice the weight of other plugins. When the lifecycle plugin does not have obvious effect or conflicts with other plugins, disable other plugins or increase the value of MaxScore.
                                              • After the scheduler is restarted, the lifecycle plugin needs to re-record the load change. The optimal scheduling effect can be achieved only after several periods of statistics are collected.
                                              
+
                                               NOTE: 
                                              • For nodes that do not want to be scaled in, manually mark them as long-period nodes and add the annotation volcano.sh/long-lifecycle-node: true to them. For an unmarked node, the lifecycle plugin automatically marks the node based on the lifecycle of the load on the node.
                                              • The default value of MaxScore is 200.0, which is twice the weight of other plugins. When the lifecycle plugin does not have obvious effect or conflicts with other plugins, disable other plugins or increase the value of MaxScore.
                                              • After the scheduler is restarted, the lifecycle plugin needs to re-record the load change. The optimal scheduling effect can be achieved only after several periods of statistics are collected.
                                              
 
                                              
 
                                              		
 
                                              Gang
                                              
+
                                              Gang
                                              
 
                                              Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.
                                              
-
                                               NOTE: 
                                              If a gang scheduling policy is used, if the remaining resources in the cluster are greater than or equal to half of the minimum number of resources for running a job but less than the minimum of resources for running the job, Autoscaler scale-outs will not be triggered.
                                              
+
                                              Consider a group of pods as a whole for resource allocation. This plugin checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.
                                              
+
                                               NOTE: 
                                              If a gang scheduling policy is used, if the remaining resources in the cluster are greater than or equal to half of the minimum number of resources for running a job but less than the minimum of resources for running the job, Autoscaler scale-outs will not be triggered.
                                              
 
                                              
 
                                              • enablePreemptable:
                                                • true: Preemption enabled
                                                • false: Preemption not enabled
                                                
-
                                              • enableJobStarving:
                                                • true: Resources are preempted based on the minAvailable setting of jobs.
                                                • false: Resources are preempted based on job replicas.
                                                
-
                                                 NOTE: 
                                                • The default value of minAvailable for Kubernetes-native workloads (such as Deployments) is 1. It is a good practice to set enableJobStarving to false.
                                                • In AI and big data scenarios, you can specify the minAvailable value when creating a vcjob. It is a good practice to set enableJobStarving to true.
                                                • In Volcano versions earlier than v1.11.5, enableJobStarving is set to true by default. In Volcano versions later than v1.11.5, enableJobStarving is set to false by default.
                                                
+
                                              • enablePreemptable:
                                                • true: Preemption enabled
                                                • false: Preemption not enabled
                                                
+
                                              • enableJobStarving:
                                                • true: Resources are preempted based on the minAvailable setting of jobs.
                                                • false: Resources are preempted based on job replicas.
                                                
+
                                                 NOTE: 
                                                • The default value of minAvailable for Kubernetes-native workloads (such as Deployments) is 1. It is a good practice to set enableJobStarving to false.
                                                • In AI and big data scenarios, you can specify the minAvailable value when creating a vcjob. It is a good practice to set enableJobStarving to true.
                                                • In Volcano versions earlier than v1.11.5, enableJobStarving is set to true by default. In Volcano versions later than v1.11.5, enableJobStarving is set to false by default.
                                                
 
                                                
 
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: priority
-  - name: gang
-    enablePreemptable: false
-    enableJobStarving: false
+  - name: gang
+    enablePreemptable: false
+    enableJobStarving: false
   - name: conformance
                                              
                                               		
 
                                              priority
                                              
+
                                              priority
                                              
 
                                              Schedule based on custom load priorities.
                                              
+
                                              Schedule based on custom load priorities.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
-  - name: priority
+
                                              - plugins:
+  - name: priority
   - name: gang
     enablePreemptable: false
   - name: conformance
                                              
                                               		
 
                                              overcommit
                                              
+
                                              overcommit
                                              
 
                                              Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.
                                              
-
                                               NOTE: 
                                              This plugin is supported in Volcano 1.6.5 and later versions.
                                              
+
                                              Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.
                                              
+
                                               NOTE: 
                                              This plugin is supported in Volcano 1.6.5 and later versions.
                                              
 
                                              
 
                                              arguments:
                                              
-
                                              • overcommit-factor: inflation factor, which defaults to 1.2.
                                              
+
                                              arguments:
                                              
+
                                              • overcommit-factor: inflation factor, which defaults to 1.2.
                                              
 
                                              - plugins:
-  - name: overcommit
+
                                              - plugins:
+  - name: overcommit
     arguments:
       overcommit-factor: 2.0
                                              
                                               		
 
                                              drf
                                              
+
                                              drf
                                              
 
                                              The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.
                                              
+
                                              The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.
                                              
 
                                              -
                                              
+
                                              None
                                              
 
                                              - plugins:
-  - name: 'drf'
+
                                              - plugins:
+  - name: 'drf'
   - name: 'predicates'
   - name: 'nodeorder'
                                              
                                               		
 
                                              predicates
                                              
+
                                              predicates
                                              
 
                                              Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.
                                              
+
                                              Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'drf'
-  - name: 'predicates'
+  - name: 'predicates'
   - name: 'nodeorder'
                                              
                                               		
 
                                              nodeorder
                                              
+
                                              nodeorder
                                              
 
                                              A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.
                                              
+
                                              A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.
                                              
 
                                              Scoring parameters:
                                              
-
                                              • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                              • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                              • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                              • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                              • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                              • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                              • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                              • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                              
+
                                              Scoring parameters:
                                              
+
                                              • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 2.
                                              • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 2.
                                              • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                              • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                              • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                              • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 3.
                                              • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                              • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                              
 
                                              - plugins:
-  - name: nodeorder
+
                                              - plugins:
+  - name: nodeorder
     arguments:
       leastrequested.weight: 1
       mostrequested.weight: 0
@@ -421,113 +425,113 @@ tolerations:
       podtopologyspread.weight: 2
                                              
                                               		
 
                                              cce-gpu-topology-predicate
                                              
+
                                              cce-gpu-topology-predicate
                                              
 
                                              GPU-topology scheduling preselection algorithm
                                              
+
                                              GPU-topology scheduling preselection algorithm
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
-  - name: 'cce-gpu-topology-predicate'
+
                                              - plugins:
+  - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'
                                              
                                               		
 
                                              cce-gpu-topology-priority
                                              
+
                                              cce-gpu-topology-priority
                                              
 
                                              GPU-topology scheduling priority algorithm
                                              
+
                                              GPU-topology scheduling priority algorithm
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'cce-gpu-topology-predicate'
-  - name: 'cce-gpu-topology-priority'
+  - name: 'cce-gpu-topology-priority'
   - name: 'cce-gpu'
                                              
                                               		
 
                                              cce-gpu
                                              
+
                                              cce-gpu
                                              
 
                                              GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.
                                              
+
                                              GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'cce-gpu-topology-predicate'
   - name: 'cce-gpu-topology-priority'
-  - name: 'cce-gpu'
                                              
+  - name: 'cce-gpu'
                                               		
 
                                              numa-aware
                                              
+
                                              numa-aware
                                              
 
                                              NUMA affinity scheduling. 
                                              
+
                                              NUMA affinity scheduling. For details, see NUMA Affinity Scheduling.
                                              
 
                                              arguments:
                                              
-
                                              • weight: weight of the numa-aware plugin
                                              
+
                                              arguments:
                                              
+
                                              • weight: weight of the numa-aware plugin
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'
     arguments:
       NetworkType: vpc-router
-  - name: numa-aware
+  - name: numa-aware
     arguments:
       weight: 10
                                              
                                               		
 
                                              networkresource
                                              
+
                                              networkresource
                                              
 
                                              The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.
                                              
+
                                              The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.
                                              
 
                                              arguments:
                                              
-
                                              • NetworkType: network type (eni or vpc-router)
                                              
+
                                              arguments:
                                              
+
                                              • NetworkType: network type (eni or vpc-router)
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
-  - name: 'networkresource'
+  - name: 'networkresource'
     arguments:
       NetworkType: vpc-router
                                              
                                               		
 
                                              nodelocalvolume
                                              
+
                                              nodelocalvolume
                                              
 
                                              Filter out nodes that do not meet local volume requirements.
                                              
+
                                              Filter out nodes that do not meet local volume requirements.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
-  - name: 'nodelocalvolume'
+
                                              - plugins:
+  - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'
                                              
                                               		
 
                                              nodeemptydirvolume
                                              
+
                                              nodeemptydirvolume
                                              
 
                                              Filter out nodes that do not meet the emptyDir requirements.
                                              
+
                                              Filter out nodes that do not meet the emptyDir requirements.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'nodelocalvolume'
-  - name: 'nodeemptydirvolume'
+  - name: 'nodeemptydirvolume'
   - name: 'nodeCSIscheduling'
   - name: 'networkresource'
                                              
                                               		
 
                                              nodeCSIscheduling
                                              
+
                                              nodeCSIscheduling
                                              
 
                                              Filter out nodes with malfunctional Everest.
                                              
+
                                              Filter out nodes with malfunctional Everest.
                                              
 
                                              None
                                              
+
                                              None
                                              
 
                                              - plugins:
+
                                              - plugins:
   - name: 'nodelocalvolume'
   - name: 'nodeemptydirvolume'
-  - name: 'nodeCSIscheduling'
+  - name: 'nodeCSIscheduling'
   - name: 'networkresource'
                                              
                                               		
 
                                              
 
                                              
 
-
                                            9. Configure scheduling policies for the add-on.
                                               
                                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                              
-
                                              
-
-
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 5 Configurations for add-on scheduling
                                              Parameter
                                              
-
                                              Description
                                              
-
                                              Multi AZ
                                              
-
                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                              • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                              
-
                                              Node Affinity
                                              
-
                                              • Not configured: Node affinity is disabled for the add-on.
                                              • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                              • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                
-
                                              
-
                                              Toleration
                                              
-
                                              Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                              
-
                                              The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.
                                              
-
                                              For details, see Configuring Tolerance Policies.
                                              
-
                                              
-
                                              
-
                                            10. Click Install.
                                              11. 
+
                                              
 
 
                                              Components
                                              
-
                                              Table 6 Add-on components
                                              Component
                                              
+
                                              
@@ -611,16 +585,39 @@ tolerations:
 
+
+
+
+
+
+
+
+
+
+
+
+
                                              Table 5 Add-on components
                                              Component
                                              
                                               		
 
                                              Description
                                              
 
                                              DaemonSet
                                              
                                               		
 
                                              volcano-descheduler
                                              
+
                                              Reschedule pods in a cluster. After the rescheduling capability is enabled, pods will be automatically deployed on nodes.
                                              
+
                                              Deployment
                                              
+
                                              volcano-recommender
                                              
+
                                              Generate recommendations for CPU and memory requests based on the historical CPU and memory usage of a container.
                                              
+
                                              Deployment
                                              
+
                                              volcano-recommender-prometheus-adapter
                                              
+
                                              Collect historical CPU and memory metrics of containers from Prometheus.
                                              
+
                                              Deployment
                                              
+
                                              
 
 
                                              
 
                                              
 
 
                                              Modifying the volcano-scheduler Configurations Using the Console
                                              volcano-scheduler is the component responsible for pod scheduling. It consists of a series of actions and plugins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. volcano-scheduler is highly scalable. You can specify and implement actions and plugins based on your requirements.
                                              
-
                                              Volcano allows you to configure the scheduler during installation, upgrade, and editing. The configuration will be synchronized to volcano-scheduler-configmap.
                                              
+
                                              After the add-on is installed, you can choose Settings in the navigation pane, switch to the Scheduling tab, and configure the basic scheduling capabilities. You can also use the expert mode of the Volcano scheduler to customize advanced scheduling policies based on service scenarios.
                                              
 
                                              This section describes how to configure volcano-scheduler.
                                              
-
                                               
                                              Only Volcano of v1.7.1 and later support this function. On the new add-on page, options such as resource_exporter_enable are replaced by default_scheduler_conf.
                                              
+
                                               
                                              Only Volcano of v1.7.1 and later support this function. 
                                              
 
                                              
-
                                              Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane. On the right of the page, locate Volcano Scheduler and click Install or Upgrade. In the Parameters area, configure the Volcano parameters.
                                              
+
                                              Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. In the Select Cluster Scheduler area, select Volcano scheduler, find the expert mode, and click Try Now.
                                              
+
                                              
+
                                              
 
                                              • Using resource_exporter:
                                                ...
     "default_scheduler_conf": {
         "actions": "allocate, backfill, preempt",
@@ -689,293 +686,187 @@ tolerations:
 
                                                After this function is enabled, you can use the functions of both numa-aware and resource_exporter.
                                                
 
                                              
 
                                              
-
                                              Retaining the Original volcano-scheduler-configmap Configurations
                                              If you want to use the original configuration after the plugin is upgraded, perform the following steps:
                                              
-
                                              1. Check and back up the original volcano-scheduler-configmap configuration.
                                                Example:
                                                # kubectl edit cm volcano-scheduler-configmap -n kube-system
-apiVersion: v1
-data:
-  default-scheduler.conf: |-
-    actions: "enqueue, allocate, backfill"
-    tiers:
-    - plugins:
-      - name: priority
-      - name: gang
-      - name: conformance
-    - plugins:
-      - name: drf
-      - name: predicates
-      - name: nodeorder
-      - name: binpack
-        arguments:
-          binpack.cpu: 100
-          binpack.weight: 10
-          binpack.resources: nvidia.com/gpu
-          binpack.resources.nvidia.com/gpu: 10000
-    - plugins:
-      - name: cce-gpu-topology-predicate
-      - name: cce-gpu-topology-priority
-      - name: cce-gpu
-    - plugins:
-      - name: nodelocalvolume
-      - name: nodeemptydirvolume
-      - name: nodeCSIscheduling
-      - name: networkresource
                                                
-
                                                
-
                                              2. Enter the customized content in the Parameters area on the console.
                                                ...
-    "default_scheduler_conf": {
-        "actions": "enqueue, allocate, backfill",
-        "tiers": [
-            {
-                "plugins": [
-                    {
-                        "name": "priority"
-                    },
-                    {
-                        "name": "gang"
-                    },
-                    {
-                        "name": "conformance"
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "drf"
-                    },
-                    {
-                        "name": "predicates"
-                    },
-                    {
-                        "name": "nodeorder"
-                    },
-                    {
-                        "name": "binpack",
-                        "arguments": {
-                            "binpack.cpu": 100,
-                            "binpack.weight": 10,
-                            "binpack.resources": "nvidia.com/gpu",
-                            "binpack.resources.nvidia.com/gpu": 10000
-                        }
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "cce-gpu-topology-predicate"
-                    },
-                    {
-                        "name": "cce-gpu-topology-priority"
-                    },
-                    {
-                        "name": "cce-gpu"
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "nodelocalvolume"
-                    },
-                    {
-                        "name": "nodeemptydirvolume"
-                    },
-                    {
-                        "name": "nodeCSIscheduling"
-                    },
-                    {
-                        "name": "networkresource"
-                    }
-                ]
-            }
-        ]
-    },
-...
                                                
-
                                                 
                                                When this function is used, the original content in volcano-scheduler-configmap will be overwritten. Therefore, you must check whether volcano-scheduler-configmap has been modified during the upgrade. If yes, synchronize the modification to the upgrade page.
                                                
-
                                                
-
                                              
-
                                              
 
                                              Collecting Prometheus Metrics
                                              volcano-scheduler exposes Prometheus metrics through port 8080. You can build a Prometheus collector to identify and obtain volcano-scheduler scheduling metrics from http://{{volcano-schedulerPodIP}}:{{volcano-schedulerPodPort}}/metrics.
                                              
 
                                               
                                              Prometheus metrics can be exposed only by the Volcano add-on of version 1.8.5 or later.
                                              
 
                                              
 
-
                                              Table 7 Key metrics
                                              Metric
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 6 Key metrics
                                              Metric
                                              
 
                                              Type
                                              
+
                                              Type
                                              
 
                                              Description
                                              
+
                                              Description
                                              
 
                                              Label
                                              
+
                                              Label
                                              
                                               		
 
                                              
 
                                              e2e_scheduling_latency_milliseconds
                                              
+
                                              e2e_scheduling_latency_milliseconds
                                              
 
                                              Histogram
                                              
+
                                              Histogram
                                              
 
                                              E2E scheduling latency (ms) (scheduling algorithm + binding)
                                              
+
                                              E2E scheduling latency (ms) (scheduling algorithm + binding)
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              e2e_job_scheduling_latency_milliseconds
                                              
+
                                              e2e_job_scheduling_latency_milliseconds
                                              
 
                                              Histogram
                                              
+
                                              Histogram
                                              
 
                                              E2E job scheduling latency (ms)
                                              
+
                                              E2E job scheduling latency (ms)
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              e2e_job_scheduling_duration
                                              
+
                                              e2e_job_scheduling_duration
                                              
 
                                              Gauge
                                              
+
                                              Gauge
                                              
 
                                              E2E job scheduling duration
                                              
+
                                              E2E job scheduling duration
                                              
 
                                              labels=["job_name", "queue", "job_namespace"]
                                              
+
                                              labels=["job_name", "queue", "job_namespace"]
                                              
                                               		
 
                                              plugin_scheduling_latency_microseconds
                                              
+
                                              plugin_scheduling_latency_microseconds
                                              
 
                                              Histogram
                                              
+
                                              Histogram
                                              
 
                                              Add-on scheduling latency (µs)
                                              
+
                                              Add-on scheduling latency (µs)
                                              
 
                                              labels=["plugin", "OnSession"]
                                              
+
                                              labels=["plugin", "OnSession"]
                                              
                                               		
 
                                              action_scheduling_latency_microseconds
                                              
+
                                              action_scheduling_latency_microseconds
                                              
 
                                              Histogram
                                              
+
                                              Histogram
                                              
 
                                              Action scheduling latency (µs)
                                              
+
                                              Action scheduling latency (µs)
                                              
 
                                              labels=["action"]
                                              
+
                                              labels=["action"]
                                              
                                               		
 
                                              task_scheduling_latency_milliseconds
                                              
+
                                              task_scheduling_latency_milliseconds
                                              
 
                                              Histogram
                                              
+
                                              Histogram
                                              
 
                                              Task scheduling latency (ms)
                                              
+
                                              Task scheduling latency (ms)
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              schedule_attempts_total
                                              
+
                                              schedule_attempts_total
                                              
 
                                              Counter
                                              
+
                                              Counter
                                              
 
                                              Number of pod scheduling attempts. unschedulable indicates that the pods cannot be scheduled, and error indicates that the internal scheduler is faulty.
                                              
+
                                              Number of pod scheduling attempts. unschedulable indicates that the pods cannot be scheduled, and error indicates that the internal scheduler is faulty.
                                              
 
                                              labels=["result"]
                                              
+
                                              labels=["result"]
                                              
                                               		
 
                                              pod_preemption_victims
                                              
+
                                              pod_preemption_victims
                                              
 
                                              Gauge
                                              
+
                                              Gauge
                                              
 
                                              Number of selected preemption victims
                                              
+
                                              Number of selected preemption victims
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              total_preemption_attempts
                                              
+
                                              total_preemption_attempts
                                              
 
                                              Counter
                                              
+
                                              Counter
                                              
 
                                              Total number of preemption attempts in a cluster
                                              
+
                                              Total number of preemption attempts in a cluster
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              unschedule_task_count
                                              
+
                                              unschedule_task_count
                                              
 
                                              Gauge
                                              
+
                                              Gauge
                                              
 
                                              Number of unschedulable tasks
                                              
+
                                              Number of unschedulable tasks
                                              
 
                                              labels=["job_id"]
                                              
+
                                              labels=["job_id"]
                                              
                                               		
 
                                              unschedule_job_count
                                              
+
                                              unschedule_job_count
                                              
 
                                              Gauge
                                              
+
                                              Gauge
                                              
 
                                              Number of unschedulable jobs
                                              
+
                                              Number of unschedulable jobs
                                              
 
                                              None
                                              
+
                                              None
                                              
                                               		
 
                                              job_retry_counts
                                              
+
                                              job_retry_counts
                                              
 
                                              Counter
                                              
+
                                              Counter
                                              
 
                                              Number of job retries
                                              
+
                                              Number of job retries
                                              
 
                                              labels=["job_id"]
                                              
+
                                              labels=["job_id"]
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
 
-
                                              Uninstalling the Volcano Add-on
                                              After the add-on is uninstalled, all custom Volcano resources (Table 8) will be deleted, including the created resources. Reinstalling the add-on will not inherit or restore the tasks before the uninstallation. It is a good practice to uninstall the Volcano add-on only when no custom Volcano resources are being used in the cluster.
                                              
+
                                              Uninstalling the Volcano Add-on
                                              After the add-on is uninstalled, all custom Volcano resources (Table 7) will be deleted, including the created resources. Reinstalling the add-on will not inherit or restore the tasks before the uninstallation. It is a good practice to uninstall the Volcano add-on only when no custom Volcano resources are being used in the cluster.
                                              
 
-
                                              Table 8 Custom Volcano resources
                                              Item
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -985,98 +876,110 @@ data:
 
                                              Change History
                                               
                                              It is a good practice to upgrade Volcano to the latest version that is supported by the cluster.
                                              
 
                                              
 
-
                                              Table 7 Custom Volcano resources
                                              Item
                                              
 
                                              API Group
                                              
+
                                              API Group
                                              
 
                                              API Version
                                              
+
                                              API Version
                                              
 
                                              Resource Level
                                              
+
                                              Resource Level
                                              
                                               		
 
                                              
 
                                              Command
                                              
+
                                              Command
                                              
 
                                              bus.volcano.sh
                                              
+
                                              bus.volcano.sh
                                              
 
                                              v1alpha1
                                              
+
                                              v1alpha1
                                              
 
                                              Namespaced
                                              
+
                                              Namespaced
                                              
                                               		
 
                                              Job
                                              
+
                                              Job
                                              
 
                                              batch.volcano.sh
                                              
+
                                              batch.volcano.sh
                                              
 
                                              v1alpha1
                                              
+
                                              v1alpha1
                                              
 
                                              Namespaced
                                              
+
                                              Namespaced
                                              
                                               		
 
                                              Numatopology
                                              
+
                                              Numatopology
                                              
 
                                              nodeinfo.volcano.sh
                                              
+
                                              nodeinfo.volcano.sh
                                              
 
                                              v1alpha1
                                              
+
                                              v1alpha1
                                              
 
                                              Cluster
                                              
+
                                              Cluster
                                              
                                               		
 
                                              PodGroup
                                              
+
                                              PodGroup
                                              
 
                                              scheduling.volcano.sh
                                              
+
                                              scheduling.volcano.sh
                                              
 
                                              v1beta1
                                              
+
                                              v1beta1
                                              
 
                                              Namespaced
                                              
+
                                              Namespaced
                                              
                                               		
 
                                              Queue
                                              
+
                                              Queue
                                              
 
                                              scheduling.volcano.sh
                                              
+
                                              scheduling.volcano.sh
                                              
 
                                              v1beta1
                                              
+
                                              v1beta1
                                              
 
                                              Cluster
                                              
+
                                              Cluster
                                              
                                               		
 
                                              
 
                                              Table 9 Release history
                                              Add-on Version
                                              
+
                                              
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0196.html b/docs/cce/umn/cce_10_0196.html
index 979195280..82fc6c0ab 100644
--- a/docs/cce/umn/cce_10_0196.html
+++ b/docs/cce/umn/cce_10_0196.html
@@ -1,60 +1,57 @@
 
                                              Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration
                                              
-
                                              Scenario
                                              In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. If you want to configure a specified container subnet and security group for a specified namespace or workload, create a container network configuration and associate it with the target namespace or workload. In this way, service subnets can be planned or services can be securely isolated.
                                              
+
                                              Scenario
                                              In a CCE Turbo cluster, you can configure subnets and security groups for containers by namespace or workload using NetworkAttachmentDefinition CRDs. To configure a particular container subnet and security group for a specified namespace or workload, create a container network configuration (NetworkAttachmentDefinition) and associate it with the target namespace or workload. In this way, service subnets can be planned or services can be securely isolated.
                                              
+
                                              Figure 1 Custom container network settings
                                              
 
                                              The following table lists the resources that a container network configuration can be associated with.
-
                                              Table 8 Release history
                                              Add-on Version
                                              
 
                                              Supported Cluster Version
                                              
+
                                              Supported Cluster Version
                                              
 
                                              New Feature
                                              
+
                                              New Feature
                                              
                                               		
 
                                              
 
                                              1.13.3
                                              
+
                                              1.15.6
                                              
 
                                              v1.21
                                              
+
                                              v1.23
                                              
+
                                              v1.25
                                              
+
                                              v1.27
                                              
+
                                              v1.28
                                              
+
                                              v1.29
                                              
+
                                              v1.30
                                              
+
                                              Resources can be oversubscribed based on pod profiling.
                                              
+
                                              1.13.3
                                              
+
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              v1.27
                                              
 
                                              v1.28
                                              
 
                                              v1.29
                                              
 
                                              • Supported scale-in of customized resources based on node priorities.
                                              • Optimized the association between preemption and node scale-out.
                                              
+
                                              • Supported scale-in of customized resources based on node priorities.
                                              • Optimized the association between preemption and node scale-out.
                                              
                                               		
 
                                              1.12.1
                                              
+
                                              1.12.1
                                              
 
                                              v1.19.16
                                              
+
                                              v1.19.16
                                              
 
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              v1.27
                                              
 
                                              v1.28
                                              
 
                                              Optimized application auto scaling performance.
                                              
+
                                              Optimized application auto scaling performance.
                                              
                                               		
 
                                              1.11.21
                                              
+
                                              1.11.21
                                              
 
                                              v1.19.16
                                              
+
                                              v1.19.16
                                              
 
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              v1.27
                                              
 
                                              v1.28
                                              
 
                                              • Supported Kubernetes 1.28.
                                              • Supported load-aware scheduling.
                                              • Updated image OS to HCE 2.0.
                                              • Optimized CSI resource preemption.
                                              • Optimized load-aware rescheduling.
                                              • Optimized preemption in hybrid deployment scenarios.
                                              
+
                                              • Supported Kubernetes 1.28.
                                              • Supported load-aware scheduling.
                                              • Updated image OS to HCE 2.0.
                                              • Optimized CSI resource preemption.
                                              • Optimized load-aware rescheduling.
                                              • Optimized preemption in hybrid deployment scenarios.
                                              
                                               		
 
                                              1.11.6
                                              
+
                                              1.11.6
                                              
 
                                              v1.19.16
                                              
+
                                              v1.19.16
                                              
 
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              v1.27
                                              
 
                                              • Supported Kubernetes 1.27.
                                              • Supported rescheduling.
                                              • Supported affinity scheduling of nodes in the node pool.
                                              • Optimized the scheduling performance.
                                              
+
                                              • Supported Kubernetes 1.27.
                                              • Supported rescheduling.
                                              • Supported affinity scheduling of nodes in the node pool.
                                              • Optimized the scheduling performance.
                                              
                                               		
 
                                              1.9.1
                                              
+
                                              1.9.1
                                              
 
                                              v1.19.16
                                              
+
                                              v1.19.16
                                              
 
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              • Fixes the issue that the counting pipeline pod of the networkresource add-on occupies supplementary network interfaces (Sub-ENI).
                                              • Fixes the issue where the binpack add-on scores nodes with insufficient resources.
                                              • Fixes the issue of processing resources in the pod with unknown end status.
                                              • Optimizes event output.
                                              • Supports HA deployment by default.
                                              
+
                                              • Fixes the issue that the counting pipeline pod of the networkresource add-on occupies supplementary network interfaces (Sub-ENI).
                                              • Fixes the issue where the binpack add-on scores nodes with insufficient resources.
                                              • Fixes the issue of processing resources in the pod with unknown end status.
                                              • Optimizes event output.
                                              • Supports HA deployment by default.
                                              
                                               		
 
                                              1.7.1
                                              
+
                                              1.7.1
                                              
 
                                              v1.19.16
                                              
+
                                              v1.19.16
                                              
 
                                              v1.21
                                              
 
                                              v1.23
                                              
 
                                              v1.25
                                              
 
                                              Adapts to clusters 1.25.
                                              
+
                                              Adapts to clusters 1.25.
                                              
                                               		
 
                                              1.4.5
                                              
+
                                              1.4.5
                                              
 
                                              v1.17
                                              
+
                                              v1.17
                                              
 
                                              v1.19
                                              
 
                                              v1.21
                                              
 
                                              Changes the deployment mode of volcano-scheduler from statefulset to deployment, and fixes the issue that pods cannot be automatically migrated when the node is abnormal.
                                              
+
                                              Changes the deployment mode of volcano-scheduler from statefulset to deployment, and fixes the issue that pods cannot be automatically migrated when the node is abnormal.
                                              
                                               		
 
                                              1.3.7
                                              
+
                                              1.3.7
                                              
 
                                              v1.15
                                              
+
                                              v1.15
                                              
 
                                              v1.17
                                              
 
                                              v1.19
                                              
 
                                              v1.21
                                              
 
                                              • Supports hybrid deployment of online and offline jobs and resource oversubscription.
                                              • Optimizes the scheduling throughput for clusters.
                                              • Fixes the issue where the scheduler panics in certain scenarios.
                                              • Fixes the issue that the volumes.secret verification of the volcano job in the CCE clusters 1.15 fails.
                                              • Fixes the issue that jobs fail to be scheduled when volumes are mounted.
                                              
+
                                              • Supports hybrid deployment of online and offline jobs and resource oversubscription.
                                              • Optimizes the scheduling throughput for clusters.
                                              • Fixes the issue where the scheduler panics in certain scenarios.
                                              • Fixes the issue that the volumes.secret verification of the volcano job in the CCE clusters 1.15 fails.
                                              • Fixes the issue that jobs fail to be scheduled when volumes are mounted.
                                              
                                               		
 
                                              
                                               
 
 
                                              Table 1 Associated resources
                                              Category
                                              
+
                                              
-
-
-
-
-
-
-
-
-
-
-
-
                                              Table 1 Associated resources
                                              Category
                                              
 
                                              Resources a Container Network Configuration Can Associate with
                                              
+
                                              Resources a Container Network Configuration Can Associate with
                                              
                                               		
 
                                              Namespace
                                              
+
                                              Namespace
                                              
 
                                              Workload
                                              
+
                                              Workload
                                              
                                               		
 
                                              
 
                                              Subnet and security group configurations
                                              
+
                                              Subnet and security group configurations
                                              
 
                                              All workloads created in the namespace associated with a container network configuration use the same subnet and security group configurations.
                                              
+
                                              All workloads created in the namespace associated with a container network configuration will use the same subnet and security group configurations.
                                              
 
                                              The workloads associated with the same container network configuration use the same subnet and security group configurations.
                                              
+
                                              The workloads using the same container network configuration will use the same subnet and security group configurations.
                                              
                                               		
 
                                              Supported cluster versions
                                              
+
                                              Supported cluster versions
                                              
 
                                              Available only in CCE Turbo clusters of 1.23.8-r0, 1.25.3-r0, or later.
                                              
+
                                              Available only in CCE Turbo clusters of 1.23.8-r0, 1.25.3-r0, or later.
                                              
 
                                              Available only in CCE Turbo clusters of 1.23.11-r0, 1.25.6-r0, 1.27.3-r0, 1.28.1-r0, or later.
                                              
+
                                              Available only in CCE Turbo clusters of 1.23.11-r0, 1.25.6-r0, 1.27.3-r0, 1.28.1-r0, or later.
                                              
                                               		
 
                                              Notes and Constraints
                                              
+
                                              Notes and Constraints
                                              
 
                                              A namespace can be associated with only one container network configuration.
                                              
+
                                              A namespace can be associated with only one container network configuration.
                                              
 
                                              Only the custom container network configurations that are not associated with any namespace can be specified.
                                              
+
                                              Only the custom container network configurations that are not associated with any namespace can be specified.
                                              
                                               		
 
                                              
                                               
 
                                              
 
                                              
-
                                               
                                              • The priorities (in descending order) of the container network configurations used by a pod are as follows: Container network configuration directly associated with the pod > Container network configuration associated with the pod namespace > Default container network configuration of the cluster (default-network)
                                              • If default-network is available in a cluster, it takes effect on all pods where no custom container network configuration has been configured. The default container subnet in the network settings on the Overview page is the container subnet in default-network. default-network cannot be deleted.
                                              
+
                                               
                                              • The priorities (in descending order) of the container network configurations used by a pod are as follows: Container network configuration directly associated with the pod > Container network configuration associated with the pod namespace > Default container network configuration of the cluster (default-network)
                                              • If default-network is available in a cluster, it takes effect on all pods where no custom container network configuration has been configured. The default container subnet in the network settings on the Overview page is the container subnet in default-network. default-network cannot be deleted.
                                              • If there is only one container network configuration in a cluster, it is the default container network configuration. If there are multiple container network configurations in a cluster, the one with annotation yangtse.io/default-network: true is the default container network configuration. If there is no default container network configuration in a cluster, the pod that is not associated with any container network configuration fails to be start after being created because no NIC can be allocated for the pod.
                                              
 
                                              
 
                                              
 
                                              
 
                                              Notes and Constraints
                                              • Only the default container network configuration supports dynamic pre-binding of container NICs. When the quota of node NICs is used up, the pod that uses the custom container network configuration attempts to unbind the pre-bound NIC of the default container network configuration, leading to slower pod startup. Therefore, if you need to frequently use the custom container network configuration, disable dynamic pre-binding of global container NICs in the target cluster. If you require high-speed pod elasticity using the default container network configuration, properly plan dynamic pre-binding of container NICs in the target node pool based on scheduling.
                                              • If a workload with a fixed IP address needs to be associated with a new container network configuration, the fixed IP address will be invalid when pods are rebuilt. In this case, delete the workload, release the fixed IP address, and create a workload again.
                                              • Before deleting a custom container network configuration, delete the pods (with the cni.yangtse.io/network-status annotation) created using the configuration in the target namespace. For details, see Deleting a Container Network Configuration.
                                              
 
                                              
-
                                              Using the CCE Console to Create a Container Network Configuration of the Namespace Type
                                              1. Log in to the CCE console.
                                              2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                              3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                                • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                                • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                                • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                
+
                                                Operations on the Console for the Namespace Type
                                                1. Log in to the CCE console.
                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                  • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                  • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the namespace type, select Namespace.
                                                  • Namespace: Select the namespace to be associated. The namespaces associated with different container network configurations must be unique. If no namespace is available, click Create Namespace to create one.
                                                  • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. 
                                                  • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                  
 
                                                4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                
 
                                                
-
                                                Using the CCE Console to Create a Container Network Configuration of the Workload Type
                                                1. Log in to the CCE console.
                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                  • Name: Enter a name that contains a maximum of 253 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                  • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                                  • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button. A maximum of 20 subnets can be selected.
                                                  • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                  
-
                                                4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                5. When creating a workload, you can select a custom container network configuration.
                                                  1. In the navigation pane, choose Workloads. In the right pane, click the Deployments tab.
                                                  2. Click Create Workload in the upper right corner of the page. In the Advanced Settings area, choose Network Configuration and determine whether to enable a specified container network configuration.
                                                  3. Select an existing container network configuration. If no configuration is available, click Add to create one.
                                                  4. After the configuration, click Create Workload.
                                                    Return to the Settings page. In the container network configuration list, the name of the resource associated with the created container network configuration is displayed.
                                                    
-
                                                  
-
                                                
-
                                                
-
                                                Using Kubectl to Create a Container Network Configuration of the Namespace Type
                                                This section describes how to use kubectl to create a container network configuration of the namespace type.
                                                
-
                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                2. Modify the networkattachment-test.yaml file.
                                                  vi networkattachment-test.yaml
                                                  
-
                                                  apiVersion: k8s.cni.cncf.io/v1
+
                                                  Operations Using kubectl for the Namespace Type
                                                  This section describes how to use kubectl to create a container network configuration of the namespace type.
                                                  
+
                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                  2. Modify the networkattachment-test.yaml file.
                                                    vi networkattachment-test.yaml
                                                    
+
                                                    Example file content:
                                                    
+
                                                    apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
   annotations:
@@ -82,187 +79,193 @@ spec:
     }
    }
                                                    
 
-
                                                    Table 2 Key parameters
                                                    Parameter
                                                    
+
                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                    Table 2 Key parameters
                                                    Parameter
                                                    
 
                                                    Mandatory
                                                    
+
                                                    Mandatory
                                                    
 
                                                    Type
                                                    
+
                                                    Type
                                                    
 
                                                    Description
                                                    
+
                                                    Description
                                                    
                                                     		
 
                                                    
 
                                                    apiVersion
                                                    
+
                                                    apiVersion
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                    
+
                                                    API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                    
                                                     		
 
                                                    kind
                                                    
+
                                                    kind
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                    
+
                                                    Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                    
                                                     		
 
                                                    yangtse.io/project-id
                                                    
+
                                                    yangtse.io/project-id
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    Project ID.
                                                    
+
                                                    Project ID in the current region. For details, see .
                                                    
                                                     		
 
                                                    name
                                                    
+
                                                    name
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    Configuration item name.
                                                    
+
                                                    Configuration item name.
                                                    
                                                     		
 
                                                    namespace
                                                    
+
                                                    namespace
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    Namespace of the configuration resource. The value is fixed to kube-system.
                                                    
+
                                                    Namespace of the configuration resource. The value is fixed to kube-system.
                                                    
                                                     		
 
                                                    config
                                                    
+
                                                    config
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    Table 3 object
                                                    
+
                                                    Table 3 object
                                                    
 
                                                    Configuration content, which is a string in JSON format.
                                                    
+
                                                    Configuration content, which is a string in JSON format.
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
 
-
                                                    Table 3 config parameters
                                                    Parameter
                                                    
+
                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                    Table 3 config parameters
                                                    Parameter
                                                    
 
                                                    Mandatory
                                                    
+
                                                    Mandatory
                                                    
 
                                                    Type
                                                    
+
                                                    Type
                                                    
 
                                                    Description
                                                    
+
                                                    Description
                                                    
                                                     		
 
                                                    
 
                                                    type
                                                    
+
                                                    type
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    The value is fixed at eni-neutron.
                                                    
+
                                                    The value is fixed at eni-neutron.
                                                    
                                                     		
 
                                                    args
                                                    
+
                                                    args
                                                    
 
                                                    No
                                                    
+
                                                    No
                                                    
 
                                                    Table 4
                                                    
-
                                                    object
                                                    
+
                                                    Table 4
                                                    
+
                                                    object
                                                    
 
                                                    Configuration parameters.
                                                    
+
                                                    Configuration parameters.
                                                    
                                                     		
 
                                                    selector
                                                    
+
                                                    selector
                                                    
 
                                                    No
                                                    
+
                                                    No
                                                    
 
                                                    Table 5 object
                                                    
+
                                                    Table 5 object
                                                    
 
                                                    Namespace on which the configuration takes effect.
                                                    
+
                                                    Namespace in which the configuration takes effect.
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
 
-
                                                    Table 4 args parameters
                                                    Parameter
                                                    
+
                                                    
-
-
-
-
-
-
-
-
-
-
-
                                                    Table 4 args parameters
                                                    Parameter
                                                    
 
                                                    Mandatory
                                                    
+
                                                    Mandatory
                                                    
 
                                                    Type
                                                    
+
                                                    Type
                                                    
 
                                                    Description
                                                    
+
                                                    Description
                                                    
                                                     		
 
                                                    
 
                                                    securityGroups
                                                    
+
                                                    securityGroups
                                                    
 
                                                    No
                                                    
+
                                                    No
                                                    
 
                                                    String
                                                    
+
                                                    String
                                                    
 
                                                    Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                    
-
                                                    How to obtain:
                                                    
-
                                                    Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                    
+
                                                    Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                    
+
                                                    How to obtain:
                                                    
+
                                                    Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                    
                                                     		
 
                                                    subnets
                                                    
+
                                                    subnets
                                                    
 
                                                    Yes
                                                    
+
                                                    Yes
                                                    
 
                                                    Array of subnetID Objects
                                                    
+
                                                    Array of subnetID Objects
                                                    
 
                                                    List of container subnet IDs. At least one subnet ID must be entered. The format is as follows:
                                                    
-
                                                    [{"subnetID":"27d95**"},{"subnetID":"827bb**"},{"subnetID":"bdd6b**"}]
                                                    
-
                                                    Subnet ID not used by the cluster in the same VPC.
                                                    
-
                                                    How to obtain:
                                                    
-
                                                    Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                    
+
                                                    List of container subnet IDs. At least one subnet ID must be entered. The format is as follows:
                                                    
+
                                                    [{"subnetID":"27d95**"},{"subnetID":"827bb**"},{"subnetID":"bdd6b**"}]
                                                    
+
                                                    Subnet ID not used by the cluster in the same VPC.
                                                    
+
                                                    How to obtain:
                                                    
+
                                                    Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
 
-
                                                    Table 5 selector parameters
                                                    Parameter
                                                    
+
                                                    
-
-
-
-
-
-
-
                                                    Table 5 selector parameters
                                                    Parameter
                                                    
 
                                                    Mandatory
                                                    
+
                                                    Mandatory
                                                    
 
                                                    Type
                                                    
+
                                                    Type
                                                    
 
                                                    Description
                                                    
+
                                                    Description
                                                    
                                                     		
 
                                                    
 
                                                    namespaceSelector
                                                    
+
                                                    namespaceSelector
                                                    
 
                                                    No
                                                    
+
                                                    No
                                                    
 
                                                    matchLabels Object
                                                    
+
                                                    matchLabels object
                                                    
 
                                                    A Kubernetes standard selector. Enter the namespace label in the following format:
                                                    
-
                                                    "matchLabels":{
+
                                                    A Kubernetes standard selector. Enter the namespace label in the following format:
                                                    
+
                                                    "matchLabels":{
           "kubernetes.io/metadata.name":"default"
         }
                                                    
-
                                                    The namespaces of different configurations cannot overlap.
                                                    
+
                                                    The namespaces of different configurations cannot overlap.
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
-
                                                  3. Create a NetworkAttachmentDefinition.
                                                    kubectl create -f networkattachment-test.yaml
                                                    
-
                                                    If information similar to the following is displayed, the NetworkAttachmentDefinition has been created.
                                                    
-
                                                    networkattachmentdefinition.k8s.cni.cncf.io/example created
                                                    
+
                                                  4. Create the container network configuration.
                                                    kubectl create -f networkattachment-test.yaml
                                                    
+
                                                    If information similar to the following is displayed, the configuration has been created:
                                                    
+
                                                    networkattachmentdefinition.k8s.cni.cncf.io/example created
                                                    
 
                                                    5. 
 
-
                                                    Using Kubectl to Create a Container Network Configuration of the Workload Type
                                                    This section describes how to use kubectl to create a container network configuration of the workload type.
                                                    
-
                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                    2. Modify the networkattachment-test.yaml file.
                                                      vi networkattachment-test.yaml
                                                      
+
                                                      Operations on the Console for the Workload Type
                                                      1. Log in to the CCE console.
                                                      2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Network tab.
                                                      3. View the Container Network Security Policy Configuration (Namespace Level) and click Add. In the window that is displayed, configure parameters such as the pod subnet and security group.
                                                        • Name: Enter a name that contains a maximum of 63 characters. Do not use default-network, default, mgnt0, or mgnt1.
                                                        • Associated Resource Type: resource type associated with the custom container network configuration. For details, see Table 1. To create a container network configuration of the workload type, select Workload.
                                                        • Pod Subnet: Select a subnet. If no subnet is available, click Create Subnet to create one. After the subnet is created, click the refresh button.
                                                        • Associate Security Group: The default value is the container ENI security group. You can also click Create Security Group to create one. After the security group is created, click the refresh button. A maximum of five security groups can be selected.
                                                        
+
                                                      4. Click OK. After the creation, you will be redirected to the custom container network configuration list, where the new container network configuration is included.
                                                      5. When creating a workload, you can select a custom container network configuration.
                                                        1. Choose Workloads in the navigation pane. In the right pane, click the Deployments tab.
                                                        2. Click Create Workload in the upper right corner of the page. In the Advanced Settings area, choose Network Configuration and determine whether to enable a specified container network configuration.
                                                        3. Select an existing container network configuration. If no configuration is available, click Add to create one.
                                                        4. After the configuration, click Create Workload.
                                                          Return to the Settings page. In the container network configuration list, the name of the resource associated with the created container network configuration is displayed.
                                                          
+
                                                        
+
                                                      
+
                                                      
+
                                                      Operations Using kubectl for the Workload Type
                                                      This section describes how to use kubectl to create a container network configuration of the workload type.
                                                      
+
                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                      2. Modify the networkattachment-test.yaml file.
                                                        vi networkattachment-test.yaml
                                                        
+
                                                        Example file content:
                                                        
 
                                                        apiVersion: k8s.cni.cncf.io/v1
 kind: NetworkAttachmentDefinition
 metadata:
@@ -284,145 +287,145 @@ spec:
     }
    }
                                                        
 
-
                                                        Table 6 Key parameters
                                                        Parameter
                                                        
+
                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                        Table 6 Key parameters
                                                        Parameter
                                                        
 
                                                        Mandatory
                                                        
+
                                                        Mandatory
                                                        
 
                                                        Type
                                                        
+
                                                        Type
                                                        
 
                                                        Description
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        apiVersion
                                                        
+
                                                        apiVersion
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                        
+
                                                        API version. The value is fixed at k8s.cni.cncf.io/v1.
                                                        
                                                         		
 
                                                        kind
                                                        
+
                                                        kind
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                        
+
                                                        Type of the object to be created. The value is fixed at NetworkAttachmentDefinition.
                                                        
                                                         		
 
                                                        yangtse.io/project-id
                                                        
+
                                                        yangtse.io/project-id
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        Project ID.
                                                        
+
                                                        Project ID in the current region. 
                                                        
                                                         		
 
                                                        name
                                                        
+
                                                        name
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        Configuration item name.
                                                        
+
                                                        Configuration item name.
                                                        
                                                         		
 
                                                        namespace
                                                        
+
                                                        namespace
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        Namespace of the configuration resource. The value is fixed to kube-system.
                                                        
+
                                                        Namespace of the configuration resource. The value is fixed to kube-system.
                                                        
                                                         		
 
                                                        config
                                                        
+
                                                        config
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        Table 3 object
                                                        
+
                                                        Table 7 object
                                                        
 
                                                        Configuration content, which is a string in JSON format.
                                                        
+
                                                        Configuration content, which is a string in JSON format.
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        
 
                                                        
 
-
                                                        
-
@@ -154,6 +160,8 @@
 
                                                        Table 7 config parameters
                                                        Parameter
                                                        
+
                                                        
-
-
-
-
-
-
-
-
-
-
-
                                                        Table 7 config parameters
                                                        Parameter
                                                        
 
                                                        Mandatory
                                                        
+
                                                        Mandatory
                                                        
 
                                                        Type
                                                        
+
                                                        Type
                                                        
 
                                                        Description
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        type
                                                        
+
                                                        type
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        The value is fixed at eni-neutron.
                                                        
+
                                                        The value is fixed at eni-neutron.
                                                        
                                                         		
 
                                                        args
                                                        
+
                                                        args
                                                        
 
                                                        No
                                                        
+
                                                        No
                                                        
 
                                                        Table 4
                                                        
+
                                                        Table 8
                                                        
 
                                                        object
                                                        
 
                                                        Configuration parameters.
                                                        
+
                                                        Configuration parameters.
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        
 
                                                        
 
-
                                                        
-
+
+
+
@@ -67,7 +72,7 @@
 
                                                        Cluster Upgrade Process
                                                        The cluster upgrade process involves pre-upgrade check, backup, upgrade, and post-upgrade verification.
                                                        
-
                                                        Figure 1 Process of upgrading a cluster
                                                        
+
                                                        Figure 1 Process of upgrading a cluster
                                                        
 
                                                        After determining the target version of the cluster, read the precautions carefully and prevent function incompatibility during the upgrade.
                                                        
 
                                                        1. Pre-upgrade check
                                                          Before a cluster upgrade, CCE checks mandatory items such as the cluster status, add-ons, and nodes to ensure that the cluster meets the upgrade requirements. For more details, see Pre-upgrade Check. If any check item is abnormal, rectify the fault as prompted on the console.
                                                          
 
                                                        2. Backup
                                                          You can use disk snapshots to back up master node data, including CCE component images, component configurations, and etcd data. Back up data before an upgrade. If unexpected cases occur during an upgrade, you can use the backup to quickly restore the cluster.
                                                          
@@ -116,10 +121,11 @@
 
                                                        Table 8 args parameters
                                                        Parameter
                                                        
+
                                                        
-
-
-
-
-
-
-
-
-
-
-
                                                        Table 8 args parameters
                                                        Parameter
                                                        
 
                                                        Mandatory
                                                        
+
                                                        Mandatory
                                                        
 
                                                        Type
                                                        
+
                                                        Type
                                                        
 
                                                        Description
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        securityGroups
                                                        
+
                                                        securityGroups
                                                        
 
                                                        No
                                                        
+
                                                        No
                                                        
 
                                                        String
                                                        
+
                                                        String
                                                        
 
                                                        Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                        
+
                                                        Security group ID. If no security group is planned, ensure that the security group is the same as that in default-network.
                                                        
 
                                                        How to obtain:
                                                        
-
                                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                        
+
                                                        Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups. Click the target security group name and copy the ID on the Summary tab page.
                                                        
                                                         		
 
                                                        subnets
                                                        
+
                                                        subnets
                                                        
 
                                                        Yes
                                                        
+
                                                        Yes
                                                        
 
                                                        Array of subnetID Objects
                                                        
+
                                                        Array of subnetID Objects
                                                        
 
                                                        List of container subnet IDs. At least one subnet ID must be entered. The format is as follows:
                                                        
+
                                                        List of container subnet IDs. At least one subnet ID must be entered. The format is as follows:
                                                        
 
                                                        [{"subnetID":"27d95**"},{"subnetID":"827bb**"},{"subnetID":"bdd6b**"}]
                                                        
 
                                                        Subnet ID not used by the cluster in the same VPC.
                                                        
 
                                                        How to obtain:
                                                        
-
                                                        Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                        
+
                                                        Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. Click the target subnet name and copy the Subnet ID on the Summary tab page.
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        
 
                                                        
-
                                                      3. Create a NetworkAttachmentDefinition.
                                                        kubectl create -f networkattachment-test.yaml
                                                        
+
                                                      4. Create a NetworkAttachmentDefinition.
                                                        kubectl create -f networkattachment-test.yaml
                                                        
 
                                                        If information similar to the following is displayed, the NetworkAttachmentDefinition has been created.
                                                        
 
                                                        networkattachmentdefinition.k8s.cni.cncf.io/example created
                                                        
 
                                                      5. Create a Deployment workload and associate it with the newly created container network configuration.
                                                        apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0197.html b/docs/cce/umn/cce_10_0197.html
index 612c3682a..b9c23fcca 100644
--- a/docs/cce/umn/cce_10_0197.html
+++ b/docs/cce/umn/cce_10_0197.html
@@ -54,7 +54,12 @@
 
                                                        6. 
 
                                                        v1.28
                                                        
 
                                                        1.29
                                                        
+
                                                        v1.29
                                                        
+
                                                        v1.29
                                                        
+
                                                        v1.30
                                                        
                                                         		
 
                                                        
 
 
 
                                                        
 
                                                        
 
                                                      6. Configuration and upgrade
                                                        Configure parameters before an upgrade. CCE has provided default settings, which can be modified as needed. After the configuration, upgrade add-ons, master nodes, and worker nodes in sequence.
                                                        
-
                                                        • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                           
                                                          If an add-on is marked with  on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.
                                                          
+
                                                          • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, CCE automatically upgrades the selected add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                             
                                                            If an add-on is marked with  on its right side, the add-on cannot be compatible with both the source and target versions of the cluster upgrade. In this case, CCE will upgrade the add-on after the cluster upgrade. The add-on may be unavailable during the cluster upgrade.
                                                            
 
                                                            
 
                                                          • Node Upgrade Configuration
                                                            • Max. Nodes for Batch Upgrade: You can configure the maximum number of nodes to be upgraded in a batch.
                                                              Node pools will be upgraded in sequence. Nodes in node pools will be upgraded in batches. One node is upgraded in the first batch, two nodes in the second batch, and the number of nodes to be upgraded in each subsequent batch increases by a power of 2 until the maximum number of nodes to be upgraded in each batch is reached. The next cluster is upgraded after the previous one is upgraded. By default, 20 nodes are upgraded in a batch, and the number can be increased to the maximum of 60.
                                                              
 
                                                            • Node Priority: You can customize node upgrade priorities. If the priorities are not specified, CCE will perform the upgrade based on the priorities generated by the default policy.
                                                              • Add Upgrade Priority: You can custom the priorities for upgrading node pools. If the priorities are not specified, CCE will preferentially upgrade the node pool with the least number of nodes based on the default policy.
                                                              • Add Node Priority: You can custom the priorities for upgrading nodes in a node pool. If the priorities are not specified, CCE will preferentially upgrade the node with lightest load (calculated based on the number of pods, resource request rate, and number of PVs) based on the default policy.
                                                              
+
                                                            • Scope of Node Upgrade Batches: By default, this parameter is set to a cluster, but it can be customized.
                                                              • If the scope is set to a cluster, the upgrade batch will remain unchanged throughout the entire upgrade process.
                                                              • If the scope is set to node pools, the upgrade batch will be reset for each node pool separately.
                                                              
 
                                                            
 
                                                          
 
                                                        • Post-upgrade verification
                                                          After an upgrade, CCE will automatically check items including the cluster status and node status. You need to manually check services, new nodes, and new pods to ensure that the cluster functions properly after the upgrade. For details, see Performing Post-Upgrade Verification.
                                                          
@@ -145,7 +151,7 @@
 
 
                                                        • Node OSs are not upgraded.
                                                        • The add-ons that are incompatible with the target cluster version will be automatically upgraded.
                                                        • Kubernetes components will be automatically upgraded.
                                                        
 
                                                        The one-click upgrade does not need to migrate services, which ensures service continuity.
                                                        
+
                                                        The one-click upgrade does not need to migrate services. This ensures service continuity.
                                                        
                                                         		
 
                                                        In-place upgrade is supported only in clusters of v1.15 or later.
                                                        
 
                                                        
 
                                                        
 
+
                                                        Reference
                                                        For details about how to upgrade node OSs, see Upgrading an OS.
                                                        
+
                                                        
 
 
                                                        
 
                                                        
diff --git a/docs/cce/umn/cce_10_0198.html b/docs/cce/umn/cce_10_0198.html
index 008d1e106..4df16333b 100644
--- a/docs/cce/umn/cce_10_0198.html
+++ b/docs/cce/umn/cce_10_0198.html
@@ -8,39 +8,44 @@
 
                                                        Notes and Constraints
                                                        • ECSs can be managed.
                                                        
 
                                                        
 
                                                        Prerequisites
                                                        The cloud servers to be managed must meet the following requirements:
                                                        
-
                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                        • Only cloud servers with the same data disk configurations can be added in batches.
                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                        
+
                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                        • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                        • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                        
 
                                                        
 
                                                        Procedure
                                                        1. Log in to the CCE console and go to the cluster where the node to be accepted resides.
                                                        2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab and then Accept Node in the upper right corner.
                                                        3. Specify node parameters.
                                                          Configurations
                                                          
 
-
                                                          Table 1 Node configuration parameters
                                                          Parameter
                                                          
+
                                                          
-
-
-
+
+
+
-
-
-
-
-
-
@@ -50,7 +55,7 @@
 
                                                          Storage Settings
                                                          Configure storage resources on a node for the containers running on it.
-
                                                          Table 1 Node configuration parameters
                                                          Parameter
                                                          
 
                                                          Description
                                                          
+
                                                          Description
                                                          
                                                           		
 
                                                          
 
                                                          Specifications
                                                          
+
                                                          Node Pool
                                                          
 
                                                          Click Select Cloud Server and select the servers to be accepted.
                                                          
+
                                                          • Default node pool: You can add nodes that meet the management requirements to the default node pool of the cluster.
                                                          • Custom node pool: You only need to select the nodes that meet the management requirements. These nodes will use the basic, network, and advanced settings of the custom node pool. You do not need to configure other parameters. For details, see Accepting Nodes in a Node Pool.
                                                          
+
                                                          Specifications
                                                          
+
                                                          Click Select Cloud Server and select the servers to be accepted.
                                                          
 
                                                          You can select multiple cloud servers for batch management. However, only the cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.
                                                          
 
                                                          If a cloud server contains multiple data disks, select one of them for the container runtime and kubelet.
                                                          
                                                           		
 
                                                          Container Engine
                                                          
+
                                                          Container Engine
                                                          
 
                                                          The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                          
+
                                                          The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping Between Node OSs and Container Engines.
                                                          
                                                           		
 
                                                          OS
                                                          
+
                                                          OS
                                                          
 
                                                          Select an OS type. Different types of nodes support different OSs.
                                                          • Public image: Select a public image for the node.
                                                          • Private image: Select a private image for the node. 
                                                          
+
                                                          Select an OS type. Different types of nodes support different OSs.
                                                          • Public image: Select a public image for the node.
                                                          • Private image: Select a private image for the node. 
                                                          
 
                                                           NOTE: 
                                                          Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.
                                                          
 
                                                          
 
                                                          
                                                           		
 
                                                          Login Mode
                                                          
+
                                                          Login Mode
                                                          
 
                                                          • Key Pair
                                                            Select the key pair used to log in to the node. You can select a shared key.
                                                            
+
                                                          • Key Pair
                                                            Select the key pair used to log in to the node. You can select a shared key.
                                                            
 
                                                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                            
 
                                                          
                                                           		
 
 
                                                          Table 2 Storage configuration parameters
                                                          Parameter
                                                          
+
                                                          
@@ -61,10 +66,19 @@
 
+
+
+
-
@@ -83,20 +97,20 @@
 
@@ -109,20 +123,20 @@
 
-
-
                                                          Table 2 Configuration parameters
                                                          Parameter
                                                          
                                                           		
 
                                                          Description
                                                          
 
                                                          Directly use the system disk of the cloud server.
                                                          
                                                           		
 
                                                          System Component Storage
                                                          
+
                                                          Select a disk for storing system components.
                                                          
+
                                                          • Data Disk: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                          • System Disk: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.
                                                          
+
                                                           NOTE: 
                                                          In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If CCE Node Problem Detector is used, ensure that its version is 1.19.2 or later.
                                                          
+
                                                          
+
                                                          
 
                                                          Data Disk
                                                          
 
                                                          At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                          
-
                                                          Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                          
+
                                                          At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                          
+
                                                          In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk.
                                                          
+
                                                          Click Expand to configure Data Disk Space Allocation, which is used to allocate space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                          
 
                                                          For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory. 
                                                          
                                                           		
 
                                                          Resource Tag
                                                          
                                                           		
 
                                                          You can add resource tags to classify resources. A maximum of eight resource tags can be added.
                                                          
-
                                                          You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                          
-
                                                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                          
+
                                                          You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                          
+
                                                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                          
                                                           		
 
                                                          
 
                                                          Kubernetes Label
                                                          
                                                           		
 
                                                          Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                                                          
-
                                                          Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                          
+
                                                          Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                          
                                                           		
 
                                                          
 
                                                          Taint
                                                          
                                                           		
 
                                                          This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                          • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                          • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                          • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                          
-
                                                           NOTICE: 
                                                          • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
                                                          • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
                                                          
+
                                                           NOTICE: 
                                                          • If taints are used, you must configure tolerations of pods. Otherwise, a scale-out may fail or pods cannot be scheduled onto the added nodes.
                                                          • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
                                                          
 
                                                          
 
                                                          
 
                                                          
 
                                                          Pre-installation Command
                                                          
 
                                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                          
+
                                                          Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                          
 
                                                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                          
                                                           		
 
                                                          
 
                                                          Post-installation Command
                                                          
 
                                                          Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                          
+
                                                          Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                          
 
                                                          The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                          
                                                           		
 
                                                          
                                                           
 
                                                          
 
                                                          
-
                                                        4. Click Next: Confirm. Click Submit.
                                                          5. 
+
                                                        5. Click Next: Confirm and click Submit.
                                                          6. 
 
 
 
                                                          
diff --git a/docs/cce/umn/cce_10_0201.html b/docs/cce/umn/cce_10_0201.html
index 02be89b53..8a410bfa9 100644
--- a/docs/cce/umn/cce_10_0201.html
+++ b/docs/cce/umn/cce_10_0201.html
@@ -2,7 +2,7 @@
 
 
                                                          Monitoring Custom Metrics on AOM
                                                          
 
                                                          CCE allows you to upload custom metrics to AOM. ICAgent on a node periodically calls the metric monitoring API configured on a workload to read monitoring data and then uploads the data to AOM.
                                                          
-
                                                          Figure 1 Using ICAgent to collect monitoring metrics
                                                          
+
                                                          Figure 1 Using ICAgent to collect monitoring metrics
                                                          
 
                                                          The custom metric API of a workload can be configured when the workload is created. The following procedure uses an Nginx application as an example to describe how to report custom metrics to AOM.
                                                          
 
                                                          1. Preparing an Application
                                                            Prepare an application image. The application must provide a metric monitoring API for ICAgent to collect data, and the monitoring data must comply with the Prometheus specifications.
                                                            
 
                                                          2. Deploying Applications and Converting Nginx Metrics
                                                            Use the application image to deploy a workload in a cluster. Custom metrics are automatically reported.
                                                            
@@ -58,7 +58,7 @@ ADD nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
 
                                                          
-
                                                        6. Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter. 
                                                          1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. On the displayed dialog box, click Generate a temporary login command and click  to copy the command.
                                                          2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                          3. Run the following command to build an image named nginx. The image version is exporter.
                                                            docker build -t nginx:exporter .
                                                            
+
                                                          4. Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                            1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                            2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                            3. Run the following command to build an image named nginx. The image version is exporter.
                                                              docker build -t nginx:exporter .
                                                              
 
                                                            4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                              docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
 docker push {swr-address}/{group}/nginx:exporter
                                                              
 
                                                            
@@ -71,7 +71,7 @@ Reading: 0 Writing: 1 Waiting: 2
 
                                                          
 
                                                          7. 
 
                                                          Deploying Applications and Converting Nginx Metrics
                                                          The format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter, as shown in the following figure.
                                                          
-
                                                          Figure 2 Using exporter to convert the data format
                                                          
+
                                                          Figure 2 Using exporter to convert the data format
                                                          
 
                                                          Deploy nginx:exporter and nginx-prometheus-exporter in the same pod.
                                                          
 
                                                          kind: Deployment
 apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0205.html b/docs/cce/umn/cce_10_0205.html
index bb876cc8a..5edfbbb4f 100644
--- a/docs/cce/umn/cce_10_0205.html
+++ b/docs/cce/umn/cce_10_0205.html
@@ -1,55 +1,29 @@
 
 
 
                                                          Kubernetes Metrics Server
                                                          
-
                                                          From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for Heapster for providing the similar functions. Heapster has been gradually abandoned since v1.11.
                                                          
+
                                                          From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for heapster for providing the similar functions. heapster has been gradually abandoned since v1.11.
                                                          
 
                                                          metrics-server is an aggregator for monitoring data of core cluster resources. You can quickly install this add-on on the CCE console.
                                                          
 
                                                          After installing this add-on, you can create HPA policies. For details, see Creating an HPA Policy.
                                                          
 
                                                          The official community project and documentation are available at https://github.com/kubernetes-sigs/metrics-server.
                                                          
-
                                                          Installing the Add-on
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Kubernetes Metrics Server on the right, and click Install.
                                                          2. On the Install Add-on page, configure the specifications.
                                                            
-
                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                            Table 1 Add-on configuration
                                                            Parameter
                                                            
-
                                                            Description
                                                            
-
                                                            Add-on Specifications
                                                            
-
                                                            Select Single, Custom, or HA for Add-on Specifications.
                                                            
-
                                                            Pods
                                                            
-
                                                            Number of pods that will be created to match the selected add-on specifications.
                                                            
-
                                                            If you select Custom, you can adjust the number of pods as required.
                                                            
-
                                                            High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                            
-
                                                            Containers
                                                            
-
                                                            CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                            
-
                                                            If you select Custom, you can adjust the container specifications as required.
                                                            
-
                                                            
-
                                                            
-
                                                          3. Configure scheduling policies for the add-on.
                                                             
                                                            • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                            • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                            
+
                                                            Installing the Add-on
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Kubernetes Metrics Server on the right, and click Install.
                                                            2. On the Install Add-on page, configure the specifications as needed.
                                                              • If you selected Preset, you can choose between Small or Large as needed. The system will automatically set the number of add-on pods and resource quotas according to the preset specifications. You can see the configurations on the console.
                                                                With the Small option selected, the add-on lacks HA capabilities, while with the Large option selected, the add-on has HA capabilities. However, deploying multiple pods requires more compute resources.
                                                                
+
                                                              • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                              
+
                                                            3. Configure deployment policies for the add-on pods.
                                                               
                                                              • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                              • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                              
 
                                                              
 
-
                                                              Table 2 Configurations for add-on scheduling
                                                              Parameter
                                                              
+
                                                              
-
-
-
@@ -66,7 +40,7 @@
 
                                                            4. Click Install.
                                                              5. Components
                                                              
-
                                                              Table 1 Configurations for add-on scheduling
                                                              Parameter
                                                              
                                                               		
 
                                                              Description
                                                              
                                                               		
 
                                                              
 
                                                              Multi AZ
                                                              
+
                                                              Multi-AZ Deployment
                                                              
 
                                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                              • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                              
+
                                                              • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                              • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                              • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                              
                                                               		
 
                                                              
 
                                                              Node Affinity
                                                              
 
                                                              • Not configured: Node affinity is disabled for the add-on.
                                                              • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                                
+
                                                              • Not configured: Node affinity is disabled for the add-on.
                                                              • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                              • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                                
 
                                                              
                                                               		
 
                                                              
 
 
                                                              Table 3 Add-on components
                                                              Component
                                                              
+
                                                              
@@ -86,7 +60,7 @@
 
                                                              Change History
                                                              
-
                                                              Table 2 Add-on components
                                                              Component
                                                              
                                                               		
 
                                                              Description
                                                              
                                                               		
 
 
                                                              Table 4 Release history
                                                              Add-on Version
                                                              
+
                                                              
@@ -96,7 +70,22 @@
 
-
+
+
+
+
+
-
                                                              Table 3 Release history
                                                              Add-on Version
                                                              
                                                               		
 
                                                              Supported Cluster Version
                                                              
                                                               		
 
                                                              
 
                                                              1.3.60
                                                              
+
                                                              1.3.68
                                                              
+
                                                              v1.21
                                                              
+
                                                              v1.23
                                                              
+
                                                              v1.25
                                                              
+
                                                              v1.27
                                                              
+
                                                              v1.28
                                                              
+
                                                              v1.29
                                                              
+
                                                              v1.30
                                                              
+
                                                              CCE clusters 1.30 are supported.
                                                              
+
                                                              0.6.2
                                                              
+
                                                              1.3.60
                                                              
                                                               		
 
                                                              v1.21
                                                              
 
                                                              v1.23
                                                              
diff --git a/docs/cce/umn/cce_10_0208.html b/docs/cce/umn/cce_10_0208.html
index 56a76ba24..dd3daebc6 100644
--- a/docs/cce/umn/cce_10_0208.html
+++ b/docs/cce/umn/cce_10_0208.html
@@ -39,9 +39,9 @@
 
                                                              
 
                                                              System Policy
                                                              
 
                                                              • Metric: You can select CPU usage or Memory usage.
                                                                 NOTE: 
                                                                Usage = CPUs or memory used by pods/Requested CPUs or memory.
                                                                
+
                                                              • Metric: You can select CPU usage or Memory usage.
                                                                 NOTE: 
                                                                Usage = Average resource usage of all pods in a workload/Requested resources
                                                                
 
                                                                
-
                                                              • Desired Value: Enter the desired average resource usage.
                                                                This parameter indicates the desired value of the selected metric. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                
+
                                                              • Desired Value: Enter the desired average resource usage.
                                                                This parameter indicates the desired value of the selected metric. Number of target pods (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                
 
                                                                 NOTE: 
                                                                When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.
                                                                
 
                                                                
 
                                                              • Tolerance Range: Scaling is not triggered when the metric value is within the tolerance range. The desired value must be within the tolerance range.
                                                                If the metric value is greater than the scale-in threshold and less than the scale-out threshold, no scaling is triggered. This parameter is supported only in clusters of v1.15 or later.
                                                                
diff --git a/docs/cce/umn/cce_10_0209.html b/docs/cce/umn/cce_10_0209.html
index 64fab30a5..a6b26c581 100644
--- a/docs/cce/umn/cce_10_0209.html
+++ b/docs/cce/umn/cce_10_0209.html
@@ -6,10 +6,10 @@
 
                                                                • If the scale-out succeeds for the unschedulable pods, the system skips the metric-based rule logic and enters the next loop.
                                                                • If the scale-out fails for the unschedulable pods, the metric-based rule is executed.
                                                                
 
                                                                Prerequisites
                                                                Before using the node scaling function, you must install the CCE Cluster Autoscaler add-on of v1.13.8 or later in the cluster.
                                                                
 
                                                                
-
                                                                Notes and Constraints
                                                                • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                                • If the driver of a GPU node is not installed, Autoscaler determines that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                                • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                                  • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affect cluster scaling.
                                                                  • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                                  
+
                                                                  Notes and Constraints
                                                                  • If there are no nodes in a node pool, Autoscaler cannot obtain the CPU or memory data of the node, and the node scaling rule triggered using these metrics will not take effect.
                                                                  • If the driver of a GPU node is not installed, Autoscaler determines that the node is not fully available and the node scaling rules triggered using the CPU or memory metrics will not take effect.
                                                                  • When Autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                                    • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native Autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the Autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                                    • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by Autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                                    
 
                                                                  
 
                                                                  
-
                                                                  Configuring Node Pool Scaling Policies
                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                  2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                    • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                    • If Autoscaler has been installed, directly configure auto scaling policies.
                                                                    
+
                                                                    Configuring Node Pool Scaling Policies
                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                    2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                      • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                      • If Autoscaler has been installed, directly configure scaling policies.
                                                                      
 
                                                                    3. Configure auto scaling policies.
                                                                      AS Configuration
                                                                      
 
                                                                      • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. You can add multiple node scaling policies, a maximum of one CPU usage-based rule, and one memory usage-based rule. The total number of rules cannot exceed 10.
                                                                        The following table lists custom rules.
 
                                                                        
-
diff --git a/docs/cce/umn/cce_10_0210.html b/docs/cce/umn/cce_10_0210.html
index d836d22f3..180822263 100644
--- a/docs/cce/umn/cce_10_0210.html
+++ b/docs/cce/umn/cce_10_0210.html
@@ -2,7 +2,7 @@
 
 
                                                                        Migrating Services Across Clusters of Different Versions
                                                                        Application Scenarios
                                                                        This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.
                                                                        
-
                                                                        This operation is applicable when a cross-version cluster upgrade is required (for example, upgrade from v1.7.* or v1.9.* to 1.17.*) and new clusters can be created for service migration.
                                                                        
+
                                                                        This operation is applicable when a cross-version cluster upgrade is required (for example, upgrade from v1.19.* to v1.28.*) and new clusters can be created for service migration.
                                                                        
 
                                                                        
 
                                                                        Prerequisites
                                                                        
 
                                                                        Table 1 Custom rules
                                                                        Rule Type
                                                                        
@@ -43,7 +43,7 @@
 
                                                                        • Specifications: Configure whether to enable auto scaling for node flavors in a node pool.
                                                                           
                                                                          If multiple flavors are configured for a node pool, you can specify the upper limit for the number of nodes and the priority for each flavor separately.
                                                                          
 
                                                                          
 
                                                                        
-
                                                                      • View cluster-level auto scaling configurations, which take effect for all node pools in the cluster. On this page, you can only view cluster-level auto scaling policies. To modify these policies, go to the Settings page. For details, see Configuring an Auto Scaling Policy for a Cluster.
                                                                      • After the configuration is complete, click OK.
                                                                        • 
+
                                                                      • View cluster-level auto scaling configurations, which take effect for all node pools in the cluster. On this page, you can only view cluster-level auto scaling policies. To modify these policies, go to the Settings page. For details, see Configuring an Auto Scaling Policy for a Cluster.
                                                                      • Click OK.
                                                                        • 
 
 
                                                                        Configuring an Auto Scaling Policy for a Cluster
                                                                         
                                                                        An auto scaling policy takes effect on all node pools in a cluster. After the policy is modified, the Autoscaler add-on will be restarted.
                                                                        
 
                                                                        
@@ -56,9 +56,9 @@
 
                                                                        Node Scale-in Policy
                                                                        • Number of Concurrent Scale-In Requests: maximum number of idle nodes that can be concurrently deleted. Default value: 10.
                                                                          Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                                           
                                                                          During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.
                                                                          
 
                                                                          
 
                                                                          
-
                                                                        • Node Recheck Timeout: interval for rechecking a node that could not be removed. Default value: 5 minutes.
                                                                        • Cooldown Period
                                                                          • Scale-in Cooldown Time After Scale-out: Default value: 10 minutes.
                                                                             
                                                                            If both auto scale-out and scale-in exist in a cluster, set Scale-in Cooldown Time After Scale-out to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                                            
+
                                                                          • Node Recheck Timeout: interval for rechecking a node that could not be removed. Default value: 5 minutes.
                                                                          • Cooldown Time
                                                                            • Scale-in Cooldown Time After Node Deletion: cooldown period for starting scale-in evaluation again after an auto scale-in is triggered in a cluster. Default value: 10 minutes.
                                                                            • Scale-in Cooldown Time After Scale-out: cooldown period for starting scale-in evaluation again after an auto scale-out is triggered in a cluster. Default value: 10 minutes.
                                                                               
                                                                              If both auto scale-out and scale-in exist in a cluster, set Scale-in Cooldown Time After Scale-out to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                                              
 
                                                                              
-
                                                                            • Scale-in Cooldown Time After Node Deletion: Default value: 10 minutes.
                                                                            • Scale-in Cooldown Time After Failure: Default value: 3 minutes. For details, see Cooldown Period.
                                                                            
+
                                                                          • Scale-in Cooldown Time After Failure: cooldown period for starting scale-in evaluation again after an auto scale-in is failed in a cluster. Default value: 3 minutes. For details, see Cooldown Period.
                                                                          
 
                                                                        
 
                                                                        
 
                                                                      • Click Confirm configuration.
                                                                        • 
@@ -232,7 +232,7 @@ spec:
 
 
                                                                        String
                                                                        
 
                                                                        ID of the node pool associated with the scaling policy.
                                                                        
+
                                                                        UID of the node pool associated with the scaling policy.
                                                                        
                                                                         		
 
                                                                        
 
 
                                                                        
-
                                                                        Table 1 Checklist before migration
                                                                        Category
                                                                        
@@ -13,7 +13,7 @@
 
                                                                        
 
                                                                        Cluster
                                                                        
 
                                                                        NodeIP-related: Check whether node IP addresses (including EIPs) of the cluster before the migration have been used in other configurations or whitelists.
                                                                        
+
                                                                        NodeIP-related: Check whether node IP addresses (including EIPs) of the cluster before the migration have been used in other configurations or trustlists.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Workloads
                                                                        
@@ -49,7 +49,7 @@
 
                                                                      • Mount the storage again.
                                                                        Remount the existing storage in the workload. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.
                                                                        
 
                                                                      • Create a Service in the new cluster.
                                                                        The Service name and specifications remain unchanged. For details about how to create a Service, see Service.
                                                                        
 
                                                                      • Commission services.
                                                                        After all resources are created, commission the containerized services. If the commissioning is successful, migrate the services to the new cluster.
                                                                        
-
                                                                      • Delete the old cluster.
                                                                        When all functions of the new cluster are stable, delete the old cluster. For details about how to delete a cluster, see Deleting a Cluster.
                                                                        
+
                                                                      • Delete the old cluster.
                                                                        When all functions of the new cluster are stable, delete the old cluster. For details about how to delete a cluster, see Deleting a Cluster.
                                                                        
 
                                                                        • 
 
 
diff --git a/docs/cce/umn/cce_10_0212.html b/docs/cce/umn/cce_10_0212.html
index 63a8815bd..5c9a0855b 100644
--- a/docs/cce/umn/cce_10_0212.html
+++ b/docs/cce/umn/cce_10_0212.html
@@ -5,9 +5,65 @@
 
 
                                                                        Deleting a Cluster
                                                                         
                                                                        A hibernated cluster cannot be deleted. Wake up the cluster and try again.
                                                                        
 
                                                                        
-
                                                                        1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                        2. Locate the cluster to be deleted, click ... to view more operations on the cluster, and choose Delete.
                                                                        3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                                          • Delete cloud storage resources associated with workloads in the cluster.
                                                                             
                                                                            When deleting underlying cloud storage resources bound to storage volumes in a cluster, pay attention to following constraints:
                                                                            
+
                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                            2. Locate the cluster to be deleted, click ... to view more operations on the cluster, and choose Delete Cluster.
                                                                            3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                                              • Delete cloud storage resources associated with workloads in the cluster.
                                                                                 
                                                                                When deleting underlying cloud storage resources bound to storage volumes in a cluster, pay attention to following constraints:
                                                                                
 
                                                                                • The underlying storage resources are deleted according to the reclamation policy you defined for the storage volumes. For example, if the reclamation policy of storage volumes is Retain, the underlying storage resources will be retained after the cluster is deleted.
                                                                                • If there are more than 1000 files in the OBS bucket, manually clear the files and then delete the cluster.
                                                                                
 
                                                                                
+
                                                                                If the storage volume's reclamation policy is set to Retain, the following table lists the method of deleting PVs based on their type.
+
                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                PV Type
                                                                                
+
                                                                                Associated Underlying Storage
                                                                                
+
                                                                                Whether to Delete Underlying Storage
                                                                                
+
                                                                                EVS
                                                                                
+
                                                                                Disks
                                                                                
+
                                                                                Yes
                                                                                
+
                                                                                SFS
                                                                                
+
                                                                                SFS Capacity-Oriented
                                                                                
+
                                                                                Yes
                                                                                
+
                                                                                OBS
                                                                                
+
                                                                                OBS buckets or parallel file systems
                                                                                
+
                                                                                Yes
                                                                                
+
                                                                                SFS Turbo
                                                                                
+
                                                                                SFS Turbo file systems
                                                                                
+
                                                                                Yes
                                                                                
+
                                                                                Local PV
                                                                                
+
                                                                                Logical volumes mounted to the node
                                                                                
+
                                                                                Determined based on the policy selected when the cluster is deleted.
                                                                                
+
                                                                                If you choose to retain the node, the logical volumes will not be deleted. If you choose to delete or reset the node, the logical volumes will be deleted.
                                                                                
+
                                                                                SFS Turbo subdirectory
                                                                                
+
                                                                                A directory in SFS Turbo
                                                                                
+
                                                                                No
                                                                                
+
                                                                                
+
                                                                                
+
                                                                                
 
                                                                              • Delete network resources such as load balancers in a cluster. (Only automatically created load balancers will be deleted).
                                                                              
 
                                                                            4. Enter DELETE and click Yes to start deleting the cluster.
                                                                              The delete operation takes 1 to 3 minutes to complete.
                                                                              
 
                                                                            
diff --git a/docs/cce/umn/cce_10_0213.html b/docs/cce/umn/cce_10_0213.html
index 1a4525c4f..8c673d41d 100644
--- a/docs/cce/umn/cce_10_0213.html
+++ b/docs/cce/umn/cce_10_0213.html
@@ -3,7 +3,7 @@
 
                                                                            Modifying Cluster Configurations
                                                                            
 
                                                                            Scenario
                                                                            CCE allows you to manage cluster parameters, through which you can let core components work under your requirements.
                                                                            
 
                                                                            
-
                                                                            Procedure
                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                            2. Locate the target cluster, click ... to view more operations on the cluster, and choose Manage.
                                                                            3. On the Manage Components page on the right, change the values of the Kubernetes parameters listed in the following table.
                                                                              
+
                                                                              Procedure
                                                                              1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                              2. Locate the target cluster, click ... to view more operations on the cluster, and choose Manage.
                                                                              3. On the Manage Component page, change the values of the Kubernetes parameters listed in the following table.
                                                                                
 
                                                                                
-
-
@@ -107,7 +107,7 @@
 
@@ -117,7 +117,7 @@
 
@@ -130,7 +130,7 @@
 
                                                                                Configuration suggestion: Accurately configure audiences according to the communication needs among cluster services. By doing so, the service account token is used for authentication only between authorized services, which enhances security.
                                                                                 NOTE: 
                                                                                An incorrect configuration may lead to an authentication communication failure between services or an error during token verification.
                                                                                
 
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                                                
-
@@ -269,7 +269,7 @@
 
-
@@ -342,7 +342,7 @@
 
-
@@ -423,7 +423,7 @@
 
@@ -435,7 +435,7 @@
 
@@ -448,7 +448,7 @@
 
@@ -460,7 +460,7 @@
 
                                                                                Table 1 kube-apiserver configurations
                                                                                Item
                                                                                
                                                                                 		
 
                                                                                Parameter
                                                                                
@@ -86,7 +86,7 @@
 
 
                                                                                support-overload
                                                                                
 
                                                                                Cluster overload control. If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                
+
                                                                                Cluster overload control. After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                                                
 
                                                                                This parameter is available only in clusters of v1.23 or later.
                                                                                
                                                                                 		
 
                                                                                • false: Overload control is disabled.
                                                                                • true: Overload control is enabled.
                                                                                
@@ -96,8 +96,8 @@
                                                                                 		
 
                                                                                enable-admission-plugin-node-restriction
                                                                                
 
                                                                                This add-on allows the Kubelet of a node to operate only the objects of the current node for enhanced isolation in multi-tenant scenarios or the scenarios with high security requirements.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This add-on allows the kubelet of a node to operate only the objects of the current node for enhanced isolation in multi-tenant scenarios or the scenarios with high security requirements.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
                                                                                 		
 
                                                                                Default: true
                                                                                
 
                                                                                enable-admission-plugin-pod-node-selector
                                                                                
                                                                                 		
 
                                                                                This add-on allows cluster administrators to configure the default node selector through namespace annotations. In this way, pods run only on specific nodes and configurations are simplified.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
                                                                                 		
 
                                                                                Default: true
                                                                                
 
                                                                                enable-admission-plugin-pod-toleration-restriction
                                                                                
                                                                                 		
 
                                                                                This add-on allows cluster administrators to configure the default value and limits of pod tolerations through namespaces for fine-grained control over pod scheduling and key resource protection.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
                                                                                 		
 
                                                                                Default: false
                                                                                
                                                                                 		
 
 
 
                                                                                Default value: "https://kubernetes.default.svc.cluster.local"
                                                                                
 
                                                                                Multiple values can be configured, which are separated by commas (,).
                                                                                
@@ -144,7 +144,7 @@
 
                                                                                Configuration suggestion: Ensure the configured issuer URL can be accessed in the cluster and trusted by the authentication system in the cluster.
                                                                                
 
                                                                                 NOTE: 
                                                                                If your specified issuer URL is untrusted or inaccessible, the authentication process based on the service account may fail.
                                                                                
 
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                                                
                                                                                 		
 
                                                                                Default value: "https://kubernetes.default.svc.cluster.local"
                                                                                
 
                                                                                Multiple values can be configured, which are separated by commas (,).
                                                                                
@@ -186,8 +186,8 @@
                                                                                 		
 
                                                                                enable-gpu-share
                                                                                
 
                                                                                Whether to enable GPU sharing. This parameter is supported only by clusters of v1.23.7-r10, v1.25.3-r0, and later.
                                                                                
-
                                                                                • When disabled, ensure that pods in the cluster cannot use shared GPUs (no cce.io/gpu-decision annotation in pods).
                                                                                • When enabled, ensure that there is a cce.io/gpu-decision annotation on all pods that use GPU resources in the cluster.
                                                                                
+
                                                                                Whether to enable GPU sharing. This parameter is supported only in clusters of v1.23.7-r10, v1.25.3-r0, or later versions.
                                                                                
+
                                                                                • When disabled, ensure that pods in the cluster cannot use shared GPUs (no cce.io/gpu-decision annotation in pods) and that GPU virtualization is disabled.
                                                                                • When enabled, ensure that there is a cce.io/gpu-decision annotation on all pods that use GPU resources in the cluster.
                                                                                
                                                                                 		
 
                                                                                Default: true
                                                                                
 
                                                                                Default: 5
                                                                                
                                                                                 		
 
                                                                                ResourceQuota
                                                                                
+
                                                                                Number of concurrent processing of resource quota
                                                                                
                                                                                 		
 
                                                                                concurrent-resource-quota-syncs
                                                                                
                                                                                 		
 
                                                                                horizontal-pod-autoscaler-tolerance
                                                                                
 
                                                                                The configuration determines how quickly the horizontal pod autoscaler will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.
                                                                                
+
                                                                                The configuration determines how quickly the horizontal pod autoscaler will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.
                                                                                
 
                                                                                Configuration suggestion: If the service resource usage increases sharply over time, retain a certain tolerance to prevent auto scaling which is beyond expectation in high resource usage scenarios.
                                                                                
                                                                                 		
 
                                                                                Default: 0.1
                                                                                
@@ -355,7 +355,7 @@
 
                                                                                During the period specified by this parameter, the CPU usage data used in HPA calculation is limited to pods that are both ready and have recently had their metrics collected. You can use this parameter to filter out unstable CPU usage data during the early stage of pod startup. This helps prevent incorrect scaling decisions based on momentary peak values.
                                                                                
 
                                                                                Configuration suggestion: If you find that HPA is making incorrect scaling decisions due to CPU usage fluctuations during pod startup, increase the value of this parameter to allow for a buffer period of stable CPU usage.
                                                                                
 
                                                                                 NOTE: 
                                                                                Make sure to configure this parameter properly as a small value may trigger unnecessary scaling based on peak CPU usage, while a large value may cause scaling to be delayed.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                                                
 
                                                                                
                                                                                 		
 
                                                                                Default: 5 minutes
                                                                                
@@ -368,7 +368,7 @@
 
                                                                                After CPU initialization, this period allows HPA to use a less strict criterion for filtering CPU metrics. During this period, HPA will gather data on the CPU usage of the pod for scaling, regardless of any changes in the pod's readiness status. This parameter ensures continuous tracking of CPU usage, even when the pod status changes frequently.
                                                                                
 
                                                                                Configuration suggestion: If the readiness status of pods fluctuates after startup and you want to prevent HPA misjudgment caused by the fluctuation, increase the value of this parameter to allow HPA to gather more comprehensive CPU usage data.
                                                                                
 
                                                                                 NOTE: 
                                                                                Configure this parameter properly. If it is set to a small value, an unnecessary scale-out may occur due to CPU data fluctuations when the pod enters the ready state. If it is set to a large value, HPA may not be able to make a quick decision when a rapid response is needed.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.28.6-r0, or later versions.
                                                                                
 
                                                                                
                                                                                 		
 
                                                                                Default: 30s
                                                                                
@@ -402,7 +402,7 @@
                                                                                 		
 
                                                                                Default: 1000
                                                                                
 
                                                                                Value range: 10 to 12500
                                                                                
-
                                                                                If the cluster version is v1.21.11-r40, v1.23.8-r0, v1.27.3-r0, v1.25.6-r0, or later, the value range is changed to 0 to 100000.
                                                                                
+
                                                                                If the cluster version is v1.21.11-r40, v1.23.8-r0, v1.25.6-r0, v1.27.3-r0, or later, the value range is changed to 0 to 100000.
                                                                                
                                                                                 		
 
                                                                                
 
                                                                                Unhealthy AZ Threshold
                                                                                
@@ -410,7 +410,7 @@
 
                                                                                unhealthy-zone-threshold
                                                                                
                                                                                 		
 
                                                                                When more than a certain proportion of pods in an AZ are unhealthy, the AZ itself will be considered unhealthy, and scheduling pods to nodes in that AZ will be restricted to limit the impacts of the unhealthy AZ.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
 
                                                                                 NOTE: 
                                                                                If the parameter is set to a large value, pods in unhealthy AZs will be migrated in a large scale, which may lead to risks such as overloaded clusters.
                                                                                
 
                                                                                
 
                                                                                node-eviction-rate
                                                                                
                                                                                 		
 
                                                                                This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is healthy. The default value is 0.1, indicating that pods can be evicted from at most one node every 10 seconds.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
 
                                                                                 NOTE: 
                                                                                If the parameter is set to a large value, the cluster may be overloaded. Additionally, if too many pods are evicted, they cannot be rescheduled, which will slow down fault recovery.
                                                                                
 
                                                                                
 
                                                                                secondary-node-eviction-rate
                                                                                
                                                                                 		
 
                                                                                This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is unhealthy. The default value is 0.01, indicating that pods can be evicted from at most one node every 100 seconds.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
 
                                                                                 NOTE: 
                                                                                There is no need to set the parameter to a large value for nodes in an unhealthy AZ, and this configuration may result in overloaded clusters.
                                                                                
 
                                                                                
 
                                                                                large-cluster-size-threshold
                                                                                
                                                                                 		
 
                                                                                If the number of nodes in a cluster is greater than the value of this parameter, this is a large cluster.
                                                                                
-
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
+
                                                                                This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                
 
                                                                                 NOTE: 
                                                                                kube-controller-manager automatically adjusts configurations for large clusters to optimize the cluster performance. Therefore, an excessively small threshold for small clusters will deteriorate the cluster performance.
                                                                                
 
                                                                                
 
                                                                                
 
                                                                                
 
-
                                                                                Table 4 Network components (available only for CCE Turbo clusters)
                                                                                Item
                                                                                
+
                                                                                
@@ -526,9 +526,9 @@
 
                                                                                Table 4 Networking components (available only for CCE Turbo clusters)
                                                                                Item
                                                                                
                                                                                 		
 
                                                                                Parameter
                                                                                
 
                                                                                
 
                                                                                
 
-
                                                                                Table 5 Networking component configurations (supported only by the clusters using a VPC network)
                                                                                Item
                                                                                
+
                                                                                
-
@@ -536,9 +536,9 @@
 
-
-
                                                                                Table 5 Networking component configurations (supported only by the clusters using a VPC network)
                                                                                Item
                                                                                
 
                                                                                Parameter
                                                                                
+
                                                                                Parameter
                                                                                
                                                                                 		
 
                                                                                Description
                                                                                
                                                                                 		
 
                                                                                
 
                                                                                Retaining the non-masqueraded CIDR block of the original pod IP address
                                                                                
+
                                                                                Retaining the non-masqueraded CIDR block of the original pod IP address
                                                                                
 
                                                                                nonMasqueradeCIDRs
                                                                                
+
                                                                                nonMasqueradeCIDRs
                                                                                
                                                                                 		
 
                                                                                In a CCE cluster using the VPC network model, if a container in the cluster needs to access externally, the source pod IP address must be masqueraded as the IP address of the node where the pod resides through SNAT. After the configuration, the node will not SNAT the IP addresses in the CIDR block by default. This function is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                
 
                                                                                By default, nodes in a cluster do not perform SNAT on packets destined for 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 that is detected by CCE as a private CIDR block. Instead, these packets are directly transferred using the upper-layer VPC. (The three CIDR blocks are considered as internal networks in the cluster and are reachable at Layer 3 by default.)
                                                                                
diff --git a/docs/cce/umn/cce_10_0214.html b/docs/cce/umn/cce_10_0214.html
index 72e43dd80..b57c6b62c 100644
--- a/docs/cce/umn/cce_10_0214.html
+++ b/docs/cce/umn/cce_10_0214.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                Hibernating or Waking Up a Cluster
                                                                                
-
                                                                                Scenario
                                                                                If a pay-per-use cluster is not needed temporarily, hibernate it to reduce costs.
                                                                                
+
                                                                                Scenario
                                                                                If a cluster is not needed temporarily, hibernate it to reduce costs.
                                                                                
 
                                                                                After a cluster is hibernated, resources such as workloads cannot be created or managed in the cluster.
                                                                                
 
                                                                                
 
                                                                                Precautions
                                                                                • During cluster wakeup, the master node may fail to start due to insufficient resources, which leads to a cluster wakeup failure. In this case, wait for a while and try again.
                                                                                • After a cluster is woken up, it takes 3 to 5 minutes to initialize data. Deliver services after the cluster runs properly.
                                                                                
diff --git a/docs/cce/umn/cce_10_0216.html b/docs/cce/umn/cce_10_0216.html
index d09dba1d2..cce6373af 100644
--- a/docs/cce/umn/cce_10_0216.html
+++ b/docs/cce/umn/cce_10_0216.html
@@ -9,7 +9,7 @@
 
                                                                                
 
                                                                                Prerequisites
                                                                                Before creating a DaemonSet, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Standard/Turbo Cluster.
                                                                                
 
                                                                                
-
                                                                                Using the CCE Console
                                                                                1. Log in to the CCE console.
                                                                                2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                3. Set basic information about the workload.
                                                                                  Basic Info
                                                                                  • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                                                  • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                  • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                  • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                                                                  • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                                  
+
                                                                                  Using the CCE Console
                                                                                  1. Log in to the CCE console.
                                                                                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                  3. Set basic information about the workload.
                                                                                    Basic Info
                                                                                    • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                                                    • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                    • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                    • Container Runtime: A CCE standard cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Secure Runtime and Common Runtime.
                                                                                    • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                                    
 
                                                                                    
 
                                                                                    Container Settings
                                                                                    • Container Information
                                                                                      Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                                      • Basic Info: Configure basic information about the container.
 
                                                                                        Parameter
                                                                                        
@@ -83,17 +83,17 @@
 
                                                                                        A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and automatically balances load for these pods.
                                                                                        
 
                                                                                        You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                                                                                        
 
                                                                                        (Optional) Advanced Settings
-
                                                                                        • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity is provided.
                                                                                          • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                                                                            • Specified node scheduling: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                                            • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                                            • Custom policies: Affinity and anti-affinity policies can be customized as needed. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                            
+
                                                                                            • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity is provided.
                                                                                              • Node Affinity: Common load affinity policies are offered for quick load affinity deployment.
                                                                                                • Not configured: No node affinity policy is configured.
                                                                                                • Specified node scheduling: Workload pods can be deployed on specified nodes through node affinity (nodeAffinity). If no node is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                                                • Specified node pool scheduling: Workload pods can be deployed in a specified node pool through node affinity (nodeAffinity). If no node pool is specified, the pods will be randomly scheduled based on the default scheduling policy of the cluster.
                                                                                                • Custom policies: Affinity and anti-affinity policies can be customized. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                                                                
 
                                                                                              
 
                                                                                            
-
                                                                                            • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                                                                                            • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                                                                            • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                                                            • Network Configuration
+
                                                                                              • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Configuring Tolerance Policies.
                                                                                              • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Configuring Labels and Annotations.
                                                                                              • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                                                              • Network Configuration
                                                                                                • Pod ingress/egress bandwidth limitation: You can set ingress/egress bandwidth limitation for pods. For details, see Configuring QoS for a Pod.
                                                                                                • Whether to enable a specified container network configuration: available only for clusters that support this function. After you enable a specified container network configuration, the workload will be created using the container subnet and security group in the configuration. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                                                                                • Specify the container network configuration name: Only the custom container network configuration whose associated resource type is workload can be selected.
                                                                                                • IPv6 shared bandwidth: available only for clusters that support this function. After this function is enabled, you can configure a shared bandwidth for a pod with IPv6 dual-stack ENIs. For details, see Configuring Shared Bandwidth for a Pod with IPv6 Dual-Stack ENIs.
                                                                                                
 
                                                                                              
 
                                                                                        
 
                                                                                      • Click Create Workload in the lower right corner.
                                                                                        • 
 
 
                                                                                        Using kubectl
                                                                                        The following procedure uses Nginx as an example to describe how to create a workload using kubectl.
                                                                                        
 
                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                        2. Create and edit the nginx-daemonset.yaml file. nginx-daemonset.yaml is an example file name, and you can change it as required.
                                                                                          vi nginx-daemonset.yaml
                                                                                          
-
                                                                                          The content of the description file is as follows: The following provides an example. For more information on DaemonSets, see Kubernetes documents.
                                                                                          
+
                                                                                          The content of the description file is as follows: The following provides an example. For more information on DaemonSets, see Kubernetes documentation.
                                                                                          
 
                                                                                          apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/docs/cce/umn/cce_10_0232.html b/docs/cce/umn/cce_10_0232.html
index 738d0ec6f..a179de154 100644
--- a/docs/cce/umn/cce_10_0232.html
+++ b/docs/cce/umn/cce_10_0232.html
@@ -1,490 +1,132 @@
 
 
-
                                                                                          Scheduling Policies (Affinity/Anti-affinity)
                                                                                          
-
                                                                                          Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can deploy frontend pods and backend pods together, deploy the same type of applications on a specific node, or deploy different applications on different nodes.
                                                                                          
-
                                                                                          Kubernetes affinity applies to nodes and pods.
                                                                                          
-
                                                                                          • nodeAffinity: similar to pod nodeSelector, and they both schedule pods only to the nodes with specified labels. The difference between nodeAffinity and nodeSelector lies in that nodeAffinity features stronger expression than nodeSelector and allows you to specify preferentially selected soft constraints. The two types of node affinity are as follows:
                                                                                            • requiredDuringSchedulingIgnoredDuringExecution: hard constraint that must be met. The scheduler can perform scheduling only when the rule is met. This function is similar to nodeSelector, but it features stronger syntax expression. For details, see Node Affinity (nodeAffinity).
                                                                                            • preferredDuringSchedulingIgnoredDuringExecution: soft constraint that is met as much as possible. The scheduler attempts to find the node that meets the rule. If no matching node is found, the scheduler still schedules the pod. For details, see Node Preference Rules.
                                                                                            
-
                                                                                          • Workload Affinity (podAffinity)/Workload Anti-affinity (podAntiAffinity): The nodes to which a pod can be scheduled are determined based on the label of the pod running on a node, but not the label of the node. Similar to node affinity, workload affinity and anti-affinity are also of requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution types.
                                                                                             
                                                                                            Workload affinity and anti-affinity require a certain amount of computing time, which significantly slows down scheduling in large-scale clusters. Do not enable workload affinity and anti-affinity in a cluster that contains hundreds of nodes.
                                                                                            
-
                                                                                            
-
                                                                                          
-
                                                                                          You can create the preceding affinity policies on the console. For details, see Configuring Load Affinity on the Console or Configuring Node Affinity on the Console.
                                                                                          
-
                                                                                          Configuring Load Affinity on the Console
                                                                                          1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                                                          2. Select a load affinity scheduling policy.
                                                                                            • Not configured: No load affinity policy is configured.
                                                                                            • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity.
                                                                                            • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to different AZs and different nodes through pod anti-affinity. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                                                            • Custom policies: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 1. Select a proper policy type and click  to add a policy. For details about the parameters, see Table 2.
-
                                                                                              Table 1 Load affinity policies
                                                                                              Policy
                                                                                              
+
                                                                                              Overview
                                                                                              
+
                                                                                              Kubernetes schedules workloads based on pods. After you create a workload, the scheduler automatically assigns pods. For example, the scheduler distributes pods to nodes that have enough resources.
                                                                                              
+
                                                                                              While the default scheduler behavior is sufficient for most needs, there may be situations where you require more precise control over where pods are deployed. To address this, Kubernetes enables you to configure scheduling policies when creating workloads. For example, you may need to:
                                                                                              
+
                                                                                              • Deploy a frontend application and a backend application on the same node. This reduces latency because the pods of both applications can use the physical resources of the node.
                                                                                              • Deploy a certain type of applications on specific nodes to ensure that these critical applications always run on the best hardware or configuration.
                                                                                              • Deploy different applications on separate nodes to isolate them from each other. This prevents any issues with one application from affecting others.
                                                                                              
+
                                                                                              Use the methods listed in the following table to select a pod scheduling policy in Kubernetes.
                                                                                              
+
+
                                                                                              
-
-
+
-
-
-
+
-
-
+
+
-
-
-
-
-
-
                                                                                              Table 1 Workload scheduling policies
                                                                                              Scheduling Policy
                                                                                              
 
                                                                                              Type
                                                                                              
+
                                                                                              YAML Field
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              Description
                                                                                              
+
                                                                                              Reference
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Workload affinity
                                                                                              
+
                                                                                              Node selector
                                                                                              
 
                                                                                              Required
                                                                                              
+
                                                                                              nodeSelector
                                                                                              
 
                                                                                              Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.
                                                                                              
-
                                                                                              Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will forcibly schedule the created pods to that topology key.
                                                                                              
-
                                                                                               NOTE: 
                                                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods must be affinity with all pods that meet the label filtering conditions. In this way, all pods that meet the label filtering conditions locate in the same topology key for scheduling.
                                                                                              
-
                                                                                              
+
                                                                                              A basic scheduling mode, in which Kubernetes selects the target node according to node labels. This means that pods are only scheduled to the node that has the specific label.
                                                                                              
+
                                                                                              Configuring Specified Node Scheduling (nodeSelector)
                                                                                              
                                                                                               		
 
                                                                                              Preferred
                                                                                              
+
                                                                                              Node affinity
                                                                                              
 
                                                                                              Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.
                                                                                              
-
                                                                                              Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to that topology key.
                                                                                              
-
                                                                                               NOTE: 
                                                                                              If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods will be preferentially to be affinity with multiple pods that meet the label filtering conditions. However, even if no pod meets the label filter conditions, a topology key will be selected for scheduling.
                                                                                              
+
                                                                                              nodeAffinity
                                                                                              
+
                                                                                              Node affinity is more expressive than nodeSelector. It allows you to use Label Selectors to filter nodes that require affinity based on their labels and choose between Required and Preferred for Affinity Rules.
                                                                                              
+
                                                                                               NOTE: 
                                                                                              When both nodeSelector and nodeAffinity are specified, a pod can only be scheduled to a candidate node if both conditions are met.
                                                                                              
 
                                                                                              
 
                                                                                              Configuring Node Affinity Scheduling (nodeAffinity)
                                                                                              
+                                                                                              		
 
                                                                                              Workload anti-affinity
                                                                                              
+
                                                                                              Workload affinity or anti-affinity scheduling
                                                                                              
 
                                                                                              Required
                                                                                              
+
                                                                                              podAffinity/podAntiAffinity
                                                                                              
 
                                                                                              Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.
                                                                                              
-
                                                                                              Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will not schedule the created pods to that topology key.
                                                                                              
-
                                                                                               NOTE: 
                                                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods must be anti-affinity with all pods that meet the label filtering conditions. In this way, all the topology keys where the pods that meet the label filtering conditions locate will not be scheduled.
                                                                                              
+
                                                                                              You can use Label Selectors to filter pods that require affinity or anti-affinity based on workload labels. You can then determine whether to schedule new workload pods to the same node (or node group) as the target pod or not. Additionally, you can choose between Required and Preferred for Affinity Rules.
                                                                                              
+
                                                                                               NOTE: 
                                                                                              Workload affinity and anti-affinity require a certain amount of computing time, which significantly slows down scheduling in large-scale clusters. Do not enable workload affinity and anti-affinity in a cluster that contains hundreds of nodes.
                                                                                              
 
                                                                                              
 
                                                                                              Preferred
                                                                                              
-
                                                                                              Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.
                                                                                              
-
                                                                                              Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to other topology keys.
                                                                                              
-
                                                                                               NOTE: 
                                                                                              If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods will be preferentially to be anti-affinity with multiple pods that meet the label filtering conditions. However, even if all topology keys involve the pods that require anti-affinity, a topology key will be selected for scheduling.
                                                                                              
-
                                                                                              
+
                                                                                              Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)
                                                                                              
                                                                                               		
 
                                                                                              
                                                                                               
 
                                                                                              
 
                                                                                              
+
                                                                                              Affinity Rules
                                                                                              Scheduling policies that use node affinity or workload affinity/anti-affinity can include both hard and soft constraints to meet complex scheduling requirements. Hard constraints must be met, while soft constraints should be met as much as possible.
                                                                                              
 
-
                                                                                              Table 2 Parameters for configuring load affinity/anti-affinity scheduling policies
                                                                                              Parameter
                                                                                              
+
                                                                                              
-
+
+
-
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                              Table 2 Affinity rules
                                                                                              Rule Type
                                                                                              
 
                                                                                              Description
                                                                                              
+
                                                                                              YAML Field
                                                                                              
+
                                                                                              Description
                                                                                              
+
                                                                                              Example
                                                                                              
                                                                                               		
 
                                                                                              
 
                                                                                              Weight
                                                                                              
+
                                                                                              Required
                                                                                              
 
                                                                                              This parameter is available only in a preferred scheduling policy. The weight ranges from 1 to 100. During scheduling, the scheduler adds the weight to the scores of other priority functions and schedules pods to the node with the largest total score.
                                                                                              
+
                                                                                              requiredDuringSchedulingIgnoredDuringExecution
                                                                                              
+
                                                                                              Hard constraint that must be met. The scheduler can perform scheduling only when the rule is met.
                                                                                              
+                                                                                              		
 
 
                                                                                              Namespace
                                                                                              
+
                                                                                              Preferred
                                                                                              
 
                                                                                              Namespace for which the scheduling policy takes effect.
                                                                                              
+
                                                                                              preferredDuringSchedulingIgnoredDuringExecution
                                                                                              
 
                                                                                              Topology Key
                                                                                              
-
                                                                                              A topology key (topologyKey) determines the range of nodes to be scheduled based on node labels. For example, if the node label is kubernetes.io/hostname, the range of nodes is determined by node name. Nodes with different names are in different topology keys. In this case, a topology key contains only one node. If the specified label is kubernetes.io/os, the range of nodes is determined by node OS. Nodes running different OSs belong to different topology keys. In this case, a topology key may contain multiple nodes.
                                                                                              
-
                                                                                              After the node range is determined using the topology key, configure the policy for scheduling, including the label key, operator, and label value. The minimum unit for scheduling is a topology key. For example, if a node in a topology key meets the load affinity policy, all nodes in the topology key can be scheduled.
                                                                                              
-
                                                                                              Label Key
                                                                                              
-
                                                                                              When configuring a workload affinity or anti-affinity policy, enter the workload label to be matched.
                                                                                              
-
                                                                                              Both default labels and custom labels are supported.
                                                                                              
-
                                                                                              Operator
                                                                                              
-
                                                                                              The following operators are supported:
                                                                                              
-
                                                                                              • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                              • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                              • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                              • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                              
-
                                                                                              Label Value
                                                                                              
-
                                                                                              When configuring a workload affinity or anti-affinity policy, enter the value of the workload label.
                                                                                              
+
                                                                                              Soft constraint. The scheduler tries to locate the target object that satisfies the target rule. The scheduler will schedule the pod even if it cannot find a matching target object that satisfies the target rule.
                                                                                              
+
                                                                                              When using preferred affinity, you can set a weight field ranging from 1 to 100 for each pod. Assigning a higher weight to a pod will increase its priority in the scheduling process.
                                                                                              
                                                                                               		
 
                                                                                              
                                                                                               
 
                                                                                              
 
                                                                                              
-
-
                                                                                            • After the scheduling policy is added, click Create Workload.
                                                                                              • 
+
                                                                                               
                                                                                              The YAML field requiredDuringScheduling or preferredDuringScheduling in the affinity rules above indicates that a label rule must be forcibly met or needs to be met as much as possible during scheduling. IgnoredDuringExecution indicates that any changes to the node label after Kubernetes schedules the pod will not affect the pod's running or cause it to be rescheduled. However, if kubelet on the node is restarted, kubelet will recheck the node affinity rule, and the pod will still be scheduled to another node.
                                                                                              
+
                                                                                              
 
-
                                                                                              Configuring Node Affinity on the Console
                                                                                              1. When creating a workload, click Scheduling in the Advanced Settings area. For details about how to create a workload, see Creating a Workload.
                                                                                              2. Select a node affinity scheduling policy.
                                                                                                • Not configured: No node affinity policy is configured.
                                                                                                • Node Affinity: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                • Specified Node Pool Scheduling: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                • Custom policies: allow flexible scheduling of workload pods based on node labels. For details about the supported scheduling policies, see Table 3. Select a proper policy type and click  to add a policy. For details about the parameters, see Table 4. You can also click Specify Node or Specify AZ to quickly select a node or AZ on the console for scheduling.
                                                                                                  Specifying a node or AZ is also implemented through labels. The console frees you from manually entering node labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.
                                                                                                  
+
                                                                                                  Label Selectors
                                                                                                  When creating a scheduling policy use the logical operators of a label selector to filter label values and identify the objects that need affinity or anti-affinity.
                                                                                                  
 
-
                                                                                                  Table 3 Node affinity settings
                                                                                                  Parameter
                                                                                                  
+
                                                                                                  
-
+
-
-
+
-
-
+
+
+
                                                                                                  Table 3 Label selectors
                                                                                                  Parameter
                                                                                                  
 
                                                                                                  Description
                                                                                                  
+
                                                                                                  Description
                                                                                                  
+
                                                                                                  YAML Example
                                                                                                  
                                                                                                   		
 
                                                                                                  
 
                                                                                                  Required
                                                                                                  
+
                                                                                                  key
                                                                                                  
 
                                                                                                  Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution for specifying the conditions that must be met.
                                                                                                  
-
                                                                                                  If multiple rules that must be met are added, scheduling will be performed when only one rule is met.
                                                                                                  
+
                                                                                                  Label key. The objects that meet the filter criteria must contain the label of the key, and the label value must meet the operation relationship between the label value list (values field) and logical operators.
                                                                                                  
+
                                                                                                  In the example below, objects that meet the filter criteria must have a label with a key of topology.kubernetes.io/zone and a value of either az1 or az2.
                                                                                                  
+
                                                                                                  matchExpressions:
+  - key: topology.kubernetes.io/zone
+    operator: In
+    values:
+    - az1
+    - az2
                                                                                                  
                                                                                                   		
 
                                                                                                  Preferred
                                                                                                  
+
                                                                                                  operator
                                                                                                  
 
                                                                                                  Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution for specifying the conditions that need to be met as much as possible.
                                                                                                  
-
                                                                                                  If multiple rules that are preferentially met are added, scheduling will be performed even if one or none of the rules is met.
                                                                                                  
+
                                                                                                  Logical operator that can be used to determine filtering rules for label values. Options:
                                                                                                  
+
                                                                                                  • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                  • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                  • Exists: The affinity or anti-affinity object has a specified label key. There is no need to configure the label value list (values field).
                                                                                                  • DoesNotExist: The affinity or anti-affinity object does not have a specified label key. There is no need to configure the label value list (values field).
                                                                                                  • Gt: (available only for node affinity) The label value of the scheduled node is greater than what is listed (string comparison).
                                                                                                  • Lt: (available only for node affinity) The label value of the scheduled node is less than what is listed (string comparison).
                                                                                                  
+
                                                                                                  values
                                                                                                  
+
                                                                                                  Label values
                                                                                                  
                                                                                                   		
 
                                                                                                  
                                                                                                   
 
                                                                                                  
 
                                                                                                  
-
-
                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                  Table 4 Parameters for configuring node affinity scheduling policies
                                                                                                  Parameter
                                                                                                  
-
                                                                                                  Description
                                                                                                  
-
                                                                                                  Label Key
                                                                                                  
-
                                                                                                  When configuring node affinity, enter the node label to be matched.
                                                                                                  
-
                                                                                                  Both default labels and custom labels are supported.
                                                                                                  
-
                                                                                                  Operator
                                                                                                  
-
                                                                                                  The following operators are supported:
                                                                                                  
-
                                                                                                  • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                  • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                  • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                                  • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                                  • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                                                  • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).
                                                                                                  
-
                                                                                                  Label Value
                                                                                                  
-
                                                                                                  When configuring node affinity, enter the value of the node label.
                                                                                                  
-
                                                                                                  
-
                                                                                                  
-
-
                                                                                                • After the scheduling policy is added, click Create Workload.
                                                                                                  • 
-
-
                                                                                                  Node Affinity (nodeAffinity)
                                                                                                  Workload node affinity rules are implemented using node labels. When a node is created in a CCE cluster, certain labels are automatically added. You can run the kubectl describe node command to view the labels. The following is an example:
                                                                                                  
-
                                                                                                  $ kubectl describe node 192.168.0.212
-Name:               192.168.0.212
-Roles:              <none>
-Labels:             beta.kubernetes.io/arch=amd64
-                    beta.kubernetes.io/os=linux
-                    failure-domain.beta.kubernetes.io/is-baremetal=false
-                    failure-domain.beta.kubernetes.io/region=******
-                    failure-domain.beta.kubernetes.io/zone=******
-                    kubernetes.io/arch=amd64
-                    kubernetes.io/availablezone=******
-                    kubernetes.io/eniquota=12
-                    kubernetes.io/hostname=192.168.0.212
-                    kubernetes.io/os=linux
-                    node.kubernetes.io/subnetid=fd43acad-33e7-48b2-a85a-24833f362e0e
-                    os.architecture=amd64
-                    os.name=EulerOS_2.0_SP5
-                    os.version=3.10.0-862.14.1.5.h328.eulerosv2r7.x86_64
                                                                                                  
-
                                                                                                  In workload scheduling, common node labels are as follows:
                                                                                                  
-
                                                                                                  • failure-domain.beta.kubernetes.io/region: region where the node is located
                                                                                                  • failure-domain.beta.kubernetes.io/zone: availability zone to which the node belongs
                                                                                                  • kubernetes.io/hostname: hostname of the node
                                                                                                  
-
                                                                                                  Kubernetes provides the nodeSelector field. When creating a workload, you can set this field to specify that the pod can be deployed only on a node with the specific label. The following example shows how to use a nodeSelector to deploy the pod only on the node with the gpu=true label.
                                                                                                  
-
                                                                                                  apiVersion: v1
-kind: Pod
-metadata:
-  name: nginx
-spec:
-  nodeSelector:                 # Node selection. A pod is created on a node only when the node meets gpu=true.
-    gpu: true
-...
                                                                                                  
-
                                                                                                  Node affinity rules can achieve the same results. Compared with nodeSelector, node affinity rules seem more complex, but with a more expressive syntax. You can use the spec.affinity.nodeAffinity field to set node affinity. There are two types of node affinity:
                                                                                                  • requiredDuringSchedulingIgnoredDuringExecution: Kubernetes cannot schedule the pod unless the rule is met.
                                                                                                  • PreferredDuringSchedulingIgnoredDuringExecution: Kubernetes tries to find a node that meets the rule. If a matching node is not available, Kubernetes still schedules the pod.
                                                                                                  
-
                                                                                                   
                                                                                                  In these two types of node affinity, requiredDuringScheduling or preferredDuringScheduling indicates that the pod can be scheduled to a node only when all the defined rules are met (required). IgnoredDuringExecution indicates that any changes to the node label after Kubernetes schedules the pod will not affect the pod's running or cause it to be rescheduled. However, if kubelet on the node is restarted, kubelet will recheck the node affinity rule, and the pod will still be scheduled to another node.
                                                                                                  
-
                                                                                                  
-
                                                                                                  
-
                                                                                                  The following is an example of configuring node affinity:
                                                                                                  
-
                                                                                                  apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name:  gpu
-  labels:
-    app:  gpu
-spec:
-  selector:
-    matchLabels:
-      app: gpu
-  replicas: 3
-  template:
-    metadata:
-      labels:
-        app:  gpu
-    spec:
-      containers:
-      - image:  nginx:alpine
-        name:  gpu
-        resources:
-          requests:
-            cpu: 100m
-            memory: 200Mi
-          limits:
-            cpu: 100m
-            memory: 200Mi
-      imagePullSecrets:
-      - name: default-secret
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: gpu
-                operator: In
-                values:
-                - "true"
                                                                                                  
-
                                                                                                  In this example, the scheduled node must contain a label with the key named gpu. The value of operator is to In, indicating that the label value must be in the values list. That is, the key value of the gpu label of the node is true. For details about other values of operator, see Operator Values. Note that there is no such thing as nodeAntiAffinity because operators NotIn and DoesNotExist provide the same function.
                                                                                                  
-
                                                                                                  The following describes how to check whether the rule takes effect. Assume that a cluster has three nodes.
                                                                                                  
-
                                                                                                  $ kubectl get node
-NAME            STATUS   ROLES    AGE   VERSION                            
-192.168.0.212   Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2
-192.168.0.94    Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
-192.168.0.97    Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
                                                                                                  
-
                                                                                                  Add the gpu=true label to the 192.168.0.212 node.
                                                                                                  
-
                                                                                                  $ kubectl label node 192.168.0.212 gpu=true
-node/192.168.0.212 labeled
-
-$ kubectl get node -L gpu
-NAME            STATUS   ROLES    AGE   VERSION                            GPU
-192.168.0.212   Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
-192.168.0.94    Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
-192.168.0.97    Ready    <none>   13m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
                                                                                                  
-
                                                                                                  Create the Deployment. You can find that all pods are deployed on the 192.168.0.212 node.
                                                                                                  
-
                                                                                                  $ kubectl create -f affinity.yaml 
-deployment.apps/gpu created
-
-$ kubectl get pod -o wide
-NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE         
-gpu-6df65c44cf-42xw4     1/1     Running   0          15s   172.16.0.37   192.168.0.212
-gpu-6df65c44cf-jzjvs     1/1     Running   0          15s   172.16.0.36   192.168.0.212
-gpu-6df65c44cf-zv5cl     1/1     Running   0          15s   172.16.0.38   192.168.0.212
                                                                                                  
-
                                                                                                  
-
                                                                                                  Node Preference Rules
                                                                                                  The preceding requiredDuringSchedulingIgnoredDuringExecution rule is a hard selection rule. There is another type of selection rule, that is, preferredDuringSchedulingIgnoredDuringExecution. It is used to specify which nodes are preferred during scheduling.
                                                                                                  
-
                                                                                                  To achieve this effect, add a node attached with SAS disks to the cluster, add the DISK=SAS label to the node, and add the DISK=SSD label to the other three nodes. 
                                                                                                  
-
                                                                                                  $ kubectl get node -L DISK,gpu
-NAME            STATUS   ROLES    AGE     VERSION                            DISK     GPU
-192.168.0.100   Ready    <none>   7h23m   v1.15.6-r1-20.3.0.2.B001-15.30.2   SAS   
-192.168.0.212   Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD      true
-192.168.0.94    Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD   
-192.168.0.97    Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD  
                                                                                                  
-
                                                                                                  Define a Deployment. Use the preferredDuringSchedulingIgnoredDuringExecution rule to set the weight of nodes with the SSD disk installed as 80 and nodes with the gpu=true label as 20. In this way, pods are preferentially deployed on the nodes with the SSD disk installed.
                                                                                                  
-
                                                                                                  apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name:  gpu
-  labels:
-    app:  gpu
-spec:
-  selector:
-    matchLabels:
-      app: gpu
-  replicas: 10
-  template:
-    metadata:
-      labels:
-        app:  gpu
-    spec:
-      containers:
-      - image:  nginx:alpine
-        name:  gpu
-        resources:
-          requests:
-            cpu:  100m
-            memory:  200Mi
-          limits:
-            cpu:  100m
-            memory:  200Mi
-      imagePullSecrets:
-      - name: default-secret
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 80 
-            preference: 
-              matchExpressions: 
-              - key: DISK
-                operator: In 
-                values: 
-                - SSD
-          - weight: 20 
-            preference: 
-              matchExpressions: 
-              - key: gpu
-                operator: In 
-                values: 
-                - "true"
                                                                                                  
-
                                                                                                  After the deployment, there are five pods deployed on the node 192.168.0.212 (label: DISK=SSD and GPU=true), three pods deployed on the node 192.168.0.97 (label: DISK=SSD), and two pods deployed on the node 192.168.0.100 (label: DISK=SAS).
                                                                                                  
-
                                                                                                  From the preceding output, you can find that no pods of the Deployment are scheduled to node 192.168.0.94 (label: DISK=SSD). This is because the node already has many pods on it and its resource usage is high. This also indicates that the preferredDuringSchedulingIgnoredDuringExecution rule defines a preference rather than a hard requirement.
                                                                                                  
-
                                                                                                  $ kubectl create -f affinity2.yaml 
-deployment.apps/gpu created
-
-$ kubectl get po -o wide
-NAME                   READY   STATUS    RESTARTS   AGE     IP            NODE         
-gpu-585455d466-5bmcz   1/1     Running   0          2m29s   172.16.0.44   192.168.0.212
-gpu-585455d466-cg2l6   1/1     Running   0          2m29s   172.16.0.63   192.168.0.97 
-gpu-585455d466-f2bt2   1/1     Running   0          2m29s   172.16.0.79   192.168.0.100
-gpu-585455d466-hdb5n   1/1     Running   0          2m29s   172.16.0.42   192.168.0.212
-gpu-585455d466-hkgvz   1/1     Running   0          2m29s   172.16.0.43   192.168.0.212
-gpu-585455d466-mngvn   1/1     Running   0          2m29s   172.16.0.48   192.168.0.97 
-gpu-585455d466-s26qs   1/1     Running   0          2m29s   172.16.0.62   192.168.0.97 
-gpu-585455d466-sxtzm   1/1     Running   0          2m29s   172.16.0.45   192.168.0.212
-gpu-585455d466-t56cm   1/1     Running   0          2m29s   172.16.0.64   192.168.0.100
-gpu-585455d466-t5w5x   1/1     Running   0          2m29s   172.16.0.41   192.168.0.212
                                                                                                  
-
                                                                                                  
-
                                                                                                  In the preceding example, the node scheduling priority is as follows. Nodes with both SSD and gpu=true labels have the highest priority. Nodes with the SSD label but no gpu=true label have the second priority (weight: 80). Nodes with the gpu=true label but no SSD label have the third priority. Nodes without any of these two labels have the lowest priority.
                                                                                                  
-
                                                                                                  Figure 1 Scheduling priority
                                                                                                  
-
                                                                                                  Workload Affinity (podAffinity)
                                                                                                  Node affinity rules affect only the affinity between pods and nodes. Kubernetes also supports configuring inter-pod affinity rules. For example, the frontend and backend of an application can be deployed together on one node to reduce access latency. There are also two types of inter-pod affinity rules: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution.
                                                                                                  
-
                                                                                                   
                                                                                                  For workload affinity, topologyKey cannot be left blank when requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution are used.
                                                                                                  
-
                                                                                                  
-
                                                                                                  Assume that the backend of an application has been created and has the app=backend label.
                                                                                                  
-
                                                                                                  $ kubectl get po -o wide
-NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE         
-backend-658f6cb858-dlrz8   1/1     Running   0          2m36s   172.16.0.67   192.168.0.100
                                                                                                  
-
                                                                                                  You can configure the following pod affinity rule to deploy the frontend pods of the application to the same node as the backend pods.
                                                                                                  
-
                                                                                                  apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name:   frontend
-  labels:
-    app:  frontend
-spec:
-  selector:
-    matchLabels:
-      app: frontend
-  replicas: 3
-  template:
-    metadata:
-      labels:
-        app:  frontend
-    spec:
-      containers:
-      - image:  nginx:alpine
-        name:  frontend
-        resources:
-          requests:
-            cpu:  100m
-            memory:  200Mi
-          limits:
-            cpu:  100m
-            memory:  200Mi
-      imagePullSecrets:
-      - name: default-secret
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname
-            labelSelector:
-              matchExpressions: 
-              - key: app
-                operator: In 
-                values: 
-                - backend
                                                                                                  
-
                                                                                                  Deploy the frontend and you can find that the frontend is deployed on the same node as the backend.
                                                                                                  
-
                                                                                                  $ kubectl create -f affinity3.yaml 
-deployment.apps/frontend created
-
-$ kubectl get po -o wide
-NAME                        READY   STATUS    RESTARTS   AGE     IP            NODE         
-backend-658f6cb858-dlrz8    1/1     Running   0          5m38s   172.16.0.67   192.168.0.100
-frontend-67ff9b7b97-dsqzn   1/1     Running   0          6s      172.16.0.70   192.168.0.100
-frontend-67ff9b7b97-hxm5t   1/1     Running   0          6s      172.16.0.71   192.168.0.100
-frontend-67ff9b7b97-z8pdb   1/1     Running   0          6s      172.16.0.72   192.168.0.100
                                                                                                  
-
                                                                                                  The topologyKey field is used to divide topology keys to specify the selection range. If the label keys and values of nodes are the same, the nodes are considered to be in the same topology key. Then, the contents defined in the following rules are selected. The effect of topologyKey is not fully demonstrated in the preceding example because all the nodes have the kubernetes.io/hostname label, that is, all the nodes are within the range.
                                                                                                  
-
                                                                                                  To see how topologyKey works, assume that the backend of the application has two pods, which are running on different nodes.
                                                                                                  
-
                                                                                                  $ kubectl get po -o wide
-NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE         
-backend-658f6cb858-5bpd6   1/1     Running   0          23m     172.16.0.40   192.168.0.97
-backend-658f6cb858-dlrz8   1/1     Running   0          2m36s   172.16.0.67   192.168.0.100
                                                                                                  
-
                                                                                                  Add the prefer=true label to nodes 192.168.0.97 and 192.168.0.94.
                                                                                                  
-
                                                                                                  $ kubectl label node 192.168.0.97 prefer=true
-node/192.168.0.97 labeled
-$ kubectl label node 192.168.0.94 prefer=true
-node/192.168.0.94 labeled
-
-$ kubectl get node -L prefer
-NAME            STATUS   ROLES    AGE   VERSION                            PREFER
-192.168.0.100   Ready    <none>   44m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
-192.168.0.212   Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
-192.168.0.94    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
-192.168.0.97    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
                                                                                                  
-
                                                                                                  If the topologyKey of podAffinity is set to prefer, the node topology keys are divided as shown in Figure 2.
                                                                                                  
-
                                                                                                        affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: prefer
-            labelSelector:
-              matchExpressions: 
-              - key: app
-                operator: In 
-                values: 
-                - backend
                                                                                                  
-
                                                                                                  Figure 2 Topology keys
                                                                                                  
-
                                                                                                  During scheduling, node topology keys are divided based on the prefer label. In this example, 192.168.0.97 and 192.168.0.94 are divided into the same topology key. If a pod with the app=backend label runs in the topology key, even if not all nodes in the topology key run the pod with the app=backend label (in this example, only the 192.168.0.97 node has such a pod), frontend is also deployed in this topology key (192.168.0.97 or 192.168.0.94).
                                                                                                  
-
                                                                                                  $ kubectl create -f affinity3.yaml 
-deployment.apps/frontend created
-
-$ kubectl get po -o wide
-NAME                        READY   STATUS    RESTARTS   AGE     IP            NODE         
-backend-658f6cb858-5bpd6    1/1     Running   0          26m     172.16.0.40   192.168.0.97
-backend-658f6cb858-dlrz8    1/1     Running   0          5m38s   172.16.0.67   192.168.0.100
-frontend-67ff9b7b97-dsqzn   1/1     Running   0          6s      172.16.0.70   192.168.0.97
-frontend-67ff9b7b97-hxm5t   1/1     Running   0          6s      172.16.0.71   192.168.0.97
-frontend-67ff9b7b97-z8pdb   1/1     Running   0          6s      172.16.0.72   192.168.0.97
                                                                                                  
-
                                                                                                  
-
                                                                                                  Workload Anti-Affinity (podAntiAffinity)
                                                                                                  Unlike the scenarios in which pods are preferred to be scheduled onto the same node, sometimes, it could be the exact opposite. For example, if certain pods are deployed together, they will affect the performance.
                                                                                                  
-
                                                                                                   
                                                                                                  For workload anti-affinity, when requiredDuringSchedulingIgnoredDuringExecution is used, the default access controller LimitPodHardAntiAffinityTopology of Kubernetes requires that topologyKey can only be kubernetes.io/hostname. To use other custom topology logic, modify or disable the access controller.
                                                                                                  
-
                                                                                                  
-
                                                                                                  The following is an example of defining an anti-affinity rule. This rule divides node topology keys by the kubernetes.io/hostname label. If a pod with the app=frontend label already exists on a node in the topology key, pods with the same label cannot be scheduled to other nodes in the topology key.
                                                                                                  
-
                                                                                                  apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name:   frontend
-  labels:
-    app:  frontend
-spec:
-  selector:
-    matchLabels:
-      app: frontend
-  replicas: 5
-  template:
-    metadata:
-      labels:
-        app:  frontend
-    spec:
-      containers:
-      - image:  nginx:alpine
-        name:  frontend
-        resources:
-          requests:
-            cpu:  100m
-            memory:  200Mi
-          limits:
-            cpu:  100m
-            memory:  200Mi
-      imagePullSecrets:
-      - name: default-secret
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname   # Topology key of the node
-            labelSelector:    # Pod label matching rule
-              matchExpressions: 
-              - key: app
-                operator: In 
-                values: 
-                - frontend
                                                                                                  
-
                                                                                                  Create an anti-affinity rule and view the deployment result. In the example, node topology keys are divided by the kubernetes.io/hostname label. The label values of nodes with the kubernetes.io/hostname label are different, so there is only one node in a topology key. If a topology key contains only one node where a frontend pod already exists, pods with the same label will not be scheduled to that topology key. In this example, there are only four nodes. Therefore, there is one pod which is in the Pending state and cannot be scheduled.
                                                                                                  
-
                                                                                                  $ kubectl create -f affinity4.yaml 
-deployment.apps/frontend created
-
-$ kubectl get po -o wide
-NAME                        READY   STATUS    RESTARTS   AGE   IP            NODE         
-frontend-6f686d8d87-8dlsc   1/1     Running   0          18s   172.16.0.76   192.168.0.100
-frontend-6f686d8d87-d6l8p   0/1     Pending   0          18s   <none>        <none>
-frontend-6f686d8d87-hgcq2   1/1     Running   0          18s   172.16.0.54   192.168.0.97 
-frontend-6f686d8d87-q7cfq   1/1     Running   0          18s   172.16.0.47   192.168.0.212
-frontend-6f686d8d87-xl8hx   1/1     Running   0          18s   172.16.0.23   192.168.0.94 
                                                                                                  
-
                                                                                                  
-
                                                                                                  Operator Values
                                                                                                  You can use the operator field to set the logical relationship of the usage rule. The value of operator can be:
                                                                                                  
-
                                                                                                  • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                  • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                  • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                                  • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                                  • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                                                  • Lt: (available only for node affinity) The label value of the scheduled node is less than the list value (string comparison).
                                                                                                  
 
                                                                                                  
 
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  Parent topic: Configuring a Workload
                                                                                                  
+
                                                                                                  Parent topic: Scheduling a Workload
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0240.html b/docs/cce/umn/cce_10_0240.html
index bb0ef66bc..1232fdea7 100644
--- a/docs/cce/umn/cce_10_0240.html
+++ b/docs/cce/umn/cce_10_0240.html
@@ -1,66 +1,42 @@
 
 
 
                                                                                                  CCE Advanced HPA
                                                                                                  
-
                                                                                                  cce-hpa-controller is a CCE-developed add-on, which can be used to flexibly scale in or out Deployments based on metrics such as CPU usage and memory usage.
                                                                                                  
+
                                                                                                  CCE Advanced HPA (cce-hpa-controller) is a CCE-developed add-on, which can be used to flexibly scale in or out Deployments based on metrics such as CPU usage and memory usage.
                                                                                                  
 
                                                                                                  Main Functions
                                                                                                  • Scaling can be performed based on the percentage of the current number of pods.
                                                                                                  • The minimum scaling step can be set.
                                                                                                  • Different scaling operations can be performed based on the actual metric values.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Notes and Constraints
                                                                                                  • This add-on can be installed only in clusters of v1.15 or later.
                                                                                                  • If the add-on version is 1.2.11 or later, the add-ons that can provide metrics API must be installed.
                                                                                                    • Kubernetes Metrics Server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                                                                                    • Cloud Native Cluster Monitoring: available only in clusters of v1.17 or later.
+
                                                                                                      Notes and Constraints
                                                                                                      
 
                                                                                                      
-
                                                                                                      Installing the Add-on
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Click Add-ons in the navigation pane, locate CCE Advanced HPA on the right, and click Install.
                                                                                                      2. On the Install Add-on page, configure the specifications.
                                                                                                        
-
                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                        Table 1 Add-on configuration
                                                                                                        Parameter
                                                                                                        
-
                                                                                                        Description
                                                                                                        
-
                                                                                                        Add-on Specifications
                                                                                                        
-
                                                                                                        Select Single or Custom for Add-on Specifications.
                                                                                                        
-
                                                                                                         NOTE: 
                                                                                                        A single instance is solely for verification purposes. For commercial situations, you need to choose Custom based on the cluster specifications. The add-on specifications are influenced by the total number of containers in clusters and the number of scaling policies. For typical situations, it is recommended that you configure 500m CPU cores and 1,000 MiB of memory for every 5,000 containers. As for scaling policies, 100m CPU cores and 500 MiB of memory should be configured for every 1,000 of them.
                                                                                                        
+
                                                                                                        Installing the Add-on
                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CCE Advanced HPA on the right, and click Install.
                                                                                                        2. On the Install Add-on page, configure the specifications as needed.
                                                                                                          • If you selected Preset, the add-on specifications will be automatically configured based on the recommended values by CCE. These values are suitable for most scenarios and can be viewed on the console.
                                                                                                          • If you selected Custom, you can modify the number of replicas, CPUs, and memory of each add-on component as required.
                                                                                                             
                                                                                                            Replicas: HA is not possible with just one replica, so one replica is used only for verification. In commercial scenarios, you can configure multiple replicas based on the cluster specifications.
                                                                                                            
+
                                                                                                            CPU Quota and Memory Quota: The resource quotas of a component are affected by how many containers and scaling policies in a cluster. For typical situations, it is recommended that you configure 500m CPU cores and 1,000 MiB of memory for every 5,000 containers in a cluster. As for scaling policies, 100m CPU cores and 500 MiB of memory should be configured for every 1,000 of them.
                                                                                                            
 
                                                                                                            
-
                                                                                                        Pods
                                                                                                        
-
                                                                                                        Number of pods that will be created to match the selected add-on specifications.
                                                                                                        
-
                                                                                                        If you select Custom, you can adjust the number of pods as required.
                                                                                                        
-
                                                                                                        High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                                                                        
-
                                                                                                        Containers
                                                                                                        
-
                                                                                                        CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                                                        
-
                                                                                                        If you select Custom, you can adjust the container specifications as required.
                                                                                                        
-
                                                                                                        
-
                                                                                                        
-
                                                                                                      3. Configure scheduling policies for the add-on.
                                                                                                         
                                                                                                        • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                                                                        • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                                                                        
+
                                                                                                    
+
                                                                                                  • Configure the add-on parameters.
                                                                                                    • AHPA Policy: After this function is enabled, historical monitoring metrics can be used to predict the required number of replicas and scales accordingly. For details, see Creating an AHPA Policy.
                                                                                                      To enable AHPA, make sure to install the Cloud Native Cluster Monitoring add-on and enable the function that reports monitoring data to AOM. For details, see Cloud Native Cluster Monitoring.
                                                                                                      
+
                                                                                                    
+
                                                                                                  • Configure deployment policies for the add-on pods.
                                                                                                     
                                                                                                    • Scheduling policies do not take effect on add-on instances of the DaemonSet type.
                                                                                                    • When configuring multi-AZ deployment or node affinity, ensure that there are nodes meeting the scheduling policy and that resources are sufficient in the cluster. Otherwise, the add-on cannot run.
                                                                                                    
 
                                                                                                    
 
-
                                                                                                    Table 2 Configurations for add-on scheduling
                                                                                                    Parameter
                                                                                                    
+
                                                                                                    
-
-
-
-
-
-
-
@@ -71,7 +47,7 @@
 
                                                                                                  • Click Install.
                                                                                                    • Components
                                                                                                    
-
                                                                                                    Table 1 Configurations for add-on scheduling
                                                                                                    Parameter
                                                                                                    
 
                                                                                                    Description
                                                                                                    
+
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    Multi AZ
                                                                                                    
+
                                                                                                    Multi-AZ Deployment
                                                                                                    
 
                                                                                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                                                                    • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                                                    
+
                                                                                                    • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
                                                                                                    • Equivalent mode: Deployment pods of the add-on are evenly scheduled to the nodes in the cluster in each AZ. If a new AZ is added, you are advised to increase add-on pods for cross-AZ HA deployment. With the Equivalent multi-AZ deployment, the difference between the number of add-on pods in different AZs will be less than or equal to 1. If resources in one of the AZs are insufficient, pods cannot be scheduled to that AZ.
                                                                                                    • Forcible: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. There can be at most one pod in each AZ. If nodes in a cluster are not in different AZs, some add-on pods cannot run properly. If a node is faulty, add-on pods on it may fail to be migrated.
                                                                                                    
                                                                                                     		
 
                                                                                                    Node Affinity
                                                                                                    
+
                                                                                                    Node Affinity
                                                                                                    
 
                                                                                                    • Not configured: Node affinity is disabled for the add-on.
                                                                                                    • Node Affinity: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                    • Specified Node Pool Scheduling: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                    • Custom Policies: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                                                                      
+
                                                                                                    • Not configured: Node affinity is disabled for the add-on.
                                                                                                    • Specify node: Specify the nodes where the add-on is deployed. If you do not specify the nodes, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                    • Specify node pool: Specify the node pool where the add-on is deployed. If you do not specify the node pool, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                    • Customize affinity: Enter the labels of the nodes where the add-on is to be deployed for more flexible scheduling policies. If you do not specify node labels, the add-on will be randomly scheduled based on the default cluster scheduling policy.
                                                                                                      If multiple custom affinity policies are configured, ensure that there are nodes that meet all the affinity policies in the cluster. Otherwise, the add-on cannot run.
                                                                                                      
 
                                                                                                    
                                                                                                     		
 
                                                                                                    Toleration
                                                                                                    
+
                                                                                                    Toleration
                                                                                                    
 
                                                                                                    Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                                                                                    
+
                                                                                                    Using both taints and tolerations allows (not forcibly) the add-on Deployment to be scheduled to a node with the matching taints, and controls the Deployment eviction policies after the node where the Deployment is located is tainted.
                                                                                                    
 
                                                                                                    The add-on adds the default tolerance policy for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints, respectively. The tolerance time window is 60s.
                                                                                                    
 
                                                                                                    For details, see Configuring Tolerance Policies.
                                                                                                    
                                                                                                     		
 
 
                                                                                                    Table 3 Add-on components
                                                                                                    Component
                                                                                                    
+
                                                                                                    
@@ -91,7 +67,7 @@
 
                                                                                                    Change History
                                                                                                    
-
                                                                                                    Table 2 Add-on components
                                                                                                    Component
                                                                                                    
                                                                                                     		
 
                                                                                                    Description
                                                                                                    
                                                                                                     		
 
 
                                                                                                    Table 4 Release history
                                                                                                    Add-on Version
                                                                                                    
+
                                                                                                    
@@ -99,7 +75,20 @@
 
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                    Table 3 Release history
                                                                                                    Add-on Version
                                                                                                    
                                                                                                     		
 
                                                                                                    Supported Cluster Version
                                                                                                    
                                                                                                     		
 
                                                                                                    
 
                                                                                                    1.4.3
                                                                                                    
+
                                                                                                    1.5.3
                                                                                                    
+
                                                                                                    v1.21
                                                                                                    
+
                                                                                                    v1.23
                                                                                                    
+
                                                                                                    v1.25
                                                                                                    
+
                                                                                                    v1.27
                                                                                                    
+
                                                                                                    v1.28
                                                                                                    
+
                                                                                                    v1.29
                                                                                                    
+
                                                                                                    v1.30
                                                                                                    
+
                                                                                                    AHPA is available.
                                                                                                    
+
                                                                                                    1.4.3
                                                                                                    
                                                                                                     		
 
                                                                                                    v1.21
                                                                                                    
 
                                                                                                    v1.23
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0245.html b/docs/cce/umn/cce_10_0245.html
index ea109ec75..5fe0e6d90 100644
--- a/docs/cce/umn/cce_10_0245.html
+++ b/docs/cce/umn/cce_10_0245.html
@@ -9,7 +9,7 @@
 
                                                                                                    Permission Design
                                                                                                    The following uses company X as an example.
                                                                                                    
 
                                                                                                    Generally, a company has multiple departments or projects, and each department has multiple members. Design how permissions are to be assigned to different groups and projects, and set a user name for each member to facilitate subsequent user group and permissions configuration.
                                                                                                    
 
                                                                                                    The following figure shows the organizational structure of a department in a company and the permissions to be assigned to each member:
                                                                                                    
-
                                                                                                    
+
                                                                                                    
 
                                                                                                    
 
                                                                                                    Director: David
                                                                                                    David is a department director of company X. To assign him all CCE permissions (both cluster and namespace permissions), create the cce-admin user group for David on the IAM console and assign the CCE Administrator role.
                                                                                                    
 
                                                                                                     
                                                                                                    CCE Administrator: This role has all CCE permissions. You do not need to assign other permissions.
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0249.html b/docs/cce/umn/cce_10_0249.html
index fea8a7a2e..d73302981 100644
--- a/docs/cce/umn/cce_10_0249.html
+++ b/docs/cce/umn/cce_10_0249.html
@@ -210,6 +210,32 @@ nginx   LoadBalancer   10.247.76.156   
 
                                                                                                    The access failed.
                                                                                                    
                                                                                                     		
 
                                                                                                    nginx-ingress add-on connected with a dedicated load balancer (Local)
                                                                                                    
+
                                                                                                    Private network
                                                                                                    
+
                                                                                                    Same node as cceaddon-nginx-ingress-controller pod
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    Other containers on the same node as the cceaddon-nginx-ingress-controller pod
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    The access failed.
                                                                                                    
+
                                                                                                    
                                                                                                     
 
                                                                                                    
 
                                                                                                    
diff --git a/docs/cce/umn/cce_10_0251.html b/docs/cce/umn/cce_10_0251.html
index a29446260..c10b6abf4 100644
--- a/docs/cce/umn/cce_10_0251.html
+++ b/docs/cce/umn/cce_10_0251.html
@@ -1,129 +1,130 @@
 
 
 
                                                                                                    Creating a LoadBalancer Ingress on the Console
                                                                                                    
-
                                                                                                    Prerequisites
                                                                                                    
+
                                                                                                    In Kubernetes, an ingress is a resource object that controls how Services within a cluster can be accessed from outside the cluster. You can use ingresses to configure different forwarding rules to access pods in a cluster. The following uses an Nginx workload as an example to describe how to create a LoadBalancer ingress on the console.
                                                                                                    
+
                                                                                                    Prerequisites
                                                                                                    
 
                                                                                                    
 
                                                                                                    Notes and Constraints
                                                                                                    • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                                                                    • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                                                    • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                    • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                                                    • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                                                    • If multiple ingresses access the same ELB port in a cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP/2 attribute of the listener) are subject to the configuration of the first ingress.
                                                                                                    
 
                                                                                                    
 
                                                                                                    Adding a LoadBalancer Ingress
                                                                                                    This section uses an Nginx workload as an example to describe how to add a LoadBalancer ingress.
                                                                                                    
-
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                    2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                    3. Configure ingress parameters.
                                                                                                      • Name: Customize the name of an ingress, for example, ingress-demo.
                                                                                                      • Interconnect with Nginx: This option is displayed only after the NGINX Ingress Controller add-on is installed. If this option is available, the NGINX Ingress Controller add-on has been installed. Enabling this option will create an Nginx ingress. Disable it if you want to create a LoadBalancer ingress. For details, see Creating Nginx Ingresses on the Console.
                                                                                                      • Load Balancer: Select a load balancer type and creation mode.
                                                                                                        A load balancer can be dedicated or shared. A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks.
                                                                                                        
+
                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                        3. Configure ingress parameters.
                                                                                                          • Name: Customize the name of an ingress, for example, ingress-demo.
                                                                                                          • Interconnect with Nginx: This option is displayed only after the NGINX Ingress Controller add-on is installed. If this option is available, the NGINX Ingress Controller add-on has been installed. Enabling this option will create an Nginx ingress. Disable it if you want to create a LoadBalancer ingress. For details, see Creating an Nginx Ingress on the Console.
                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                            A load balancer can be dedicated or shared. A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks.
                                                                                                            
 
                                                                                                            You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
-
                                                                                                            Table 1 Load balancer configurations
                                                                                                            How to Create
                                                                                                            
+
                                                                                                            
-
-
-
-
-
                                                                                                            Table 1 Load balancer configurations
                                                                                                            How to Create
                                                                                                            
 
                                                                                                            Configuration
                                                                                                            
+
                                                                                                            Configuration
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            Use existing
                                                                                                            
+
                                                                                                            Use existing
                                                                                                            
 
                                                                                                            Only the load balancers in the same VPC as the cluster can be selected. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                                                                            
+
                                                                                                            Only the load balancers in the same VPC as the cluster can be selected. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                                                                            
                                                                                                             		
 
                                                                                                            Auto create
                                                                                                            
+
                                                                                                            Auto create
                                                                                                            
 
                                                                                                            • Instance Name: Enter a load balancer name.
                                                                                                            • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                            • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                            • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                            • Network/Application-oriented Specifications (available only to dedicated load balancers)
                                                                                                              • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                              • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                              
-
                                                                                                            • EIP: If you select Auto create, you can configure the billing mode and size of the public network bandwidth.
                                                                                                            • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.
                                                                                                            
+
                                                                                                            • Instance Name: Enter a load balancer name.
                                                                                                            • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                            • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                            • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                            • Network Specifications, Application-oriented Specifications, or Specifications (available only to dedicated load balancers)
                                                                                                              • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                              • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                              
+
                                                                                                            • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                                                                            • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                                                                            
                                                                                                             		
 
                                                                                                            
                                                                                                             
 
                                                                                                            
 
                                                                                                            
 
-
                                                                                                          • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                                            • External Protocol: HTTP and HTTPS are available.
                                                                                                            • External Port: port number that is open to the ELB service address. The port number is configurable.
                                                                                                            • Access Control
                                                                                                              • Allow all IP addresses: No access control is configured.
                                                                                                              • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                              • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                              
-
                                                                                                            • Certificate Source: TLS secret and ELB server certificate are supported.
                                                                                                            • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                                              • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                                                                              • ELB server certificate: Use the certificate created in the ELB service.
                                                                                                              
-
                                                                                                               
                                                                                                              If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                                                              
+
                                                                                                            • Listener: An ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                                              • External Protocol: HTTP and HTTPS are available.
                                                                                                              • External Port: port number that is open to the ELB service address. The port number is configurable.
                                                                                                              • Access Control
                                                                                                                • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                • Allow all IP addresses: No access control is configured.
                                                                                                                • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                
+
                                                                                                              • Certificate Source: TLS secret and ELB server certificates are supported.
                                                                                                                • TLS secret: For details about how to create a secret certificate, see Creating a Secret.
                                                                                                                • ELB server certificate: Use a certificate created in the ELB service.
                                                                                                                
+
                                                                                                              • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                                                 
                                                                                                                If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                                                                
 
                                                                                                                
 
                                                                                                              • SNI: stands for Server Name Indication (SNI), which is an extended protocol of TLS. SNI allows multiple TLS-compliant domain names for external access using the same IP address and port number, and different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                                                 
                                                                                                                • The SNI option is available only when HTTPS is used.
                                                                                                                
-
                                                                                                                • This function is supported only in clusters of v1.15.11 and later.
                                                                                                                • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                • For ingresses connected to the same ELB port, do not configure SNIs with the same domain name but different certificates. Otherwise, the SNIs will be overwritten.
                                                                                                                
+
                                                                                                                • This function is supported only in clusters of v1.15.11 or later.
                                                                                                                • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                • For ingresses connected to the same ELB port, do not configure SNIs with the same domain name but different certificates. Otherwise, the SNIs will be overwritten.
                                                                                                                
 
                                                                                                                
 
                                                                                                              • Security Policy: combinations of different TLS versions and supported cipher suites available to HTTPS listeners.
                                                                                                                For details about security policies, see ELB User Guide.
                                                                                                                
-
                                                                                                                 
                                                                                                                • Security Policy is available only when HTTPS is selected.
                                                                                                                • This function is supported only in clusters of v1.17.9 and later.
                                                                                                                
+
                                                                                                                 
                                                                                                                • Security Policy is available only when HTTPS is selected.
                                                                                                                • This function is supported only in clusters of v1.17.9 or later.
                                                                                                                
 
                                                                                                                
 
                                                                                                              • Backend Protocol:
                                                                                                                When the listener is HTTP-compliant, only HTTP can be selected.
                                                                                                                
 
                                                                                                                If it is an HTTPS listener, this parameter can be set to HTTP or HTTPS. 
                                                                                                                
 
                                                                                                              • Advanced Options
-
                                                                                                                Configuration
                                                                                                                
+
                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                Configuration
                                                                                                                
 
                                                                                                                Description
                                                                                                                
+
                                                                                                                Description
                                                                                                                
 
                                                                                                                Restrictions
                                                                                                                
+
                                                                                                                Restrictions
                                                                                                                
                                                                                                                 		
 
                                                                                                                
 
                                                                                                                Idle Timeout
                                                                                                                
+
                                                                                                                Idle Timeout
                                                                                                                
 
                                                                                                                Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                
+
                                                                                                                Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                
 
                                                                                                                None
                                                                                                                
+
                                                                                                                None
                                                                                                                
                                                                                                                 		
 
                                                                                                                Request Timeout
                                                                                                                
+
                                                                                                                Request Timeout
                                                                                                                
 
                                                                                                                Timeout for waiting for a request from a client. There are two cases:
                                                                                                                
+
                                                                                                                Timeout for waiting for a request from a client. There are two cases:
                                                                                                                
 
                                                                                                                • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                
 
                                                                                                                None
                                                                                                                
+
                                                                                                                None
                                                                                                                
                                                                                                                 		
 
                                                                                                                Response Timeout
                                                                                                                
+
                                                                                                                Response Timeout
                                                                                                                
 
                                                                                                                Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                
+
                                                                                                                Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                
 
                                                                                                                None
                                                                                                                
+
                                                                                                                None
                                                                                                                
                                                                                                                 		
 
                                                                                                                HTTP2
                                                                                                                
+
                                                                                                                HTTP2
                                                                                                                
 
                                                                                                                Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                
+
                                                                                                                Whether to use HTTP/2 for a client to communicate with a load balancer. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                
 
                                                                                                                This function is available only when the listener is HTTPS-compliant.
                                                                                                                
+
                                                                                                                This function is available only when the listener is HTTPS-compliant.
                                                                                                                
                                                                                                                 		
 
                                                                                                                
                                                                                                                 
 
                                                                                                                
 
                                                                                                                
 
-
                                                                                                              • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. You can click  to add multiple forwarding policies.
                                                                                                                • Domain Name: actual domain name. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                • URL Matching Rule
                                                                                                                  • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                                                                  • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                  • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                                                                  
-
                                                                                                                • URL: access path to be registered, for example, /healthz.
                                                                                                                   
                                                                                                                  The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                  
+
                                                                                                                • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. You can click  to add multiple forwarding policies.
                                                                                                                  • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                  • Path Matching Rule:
                                                                                                                    • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                                                                    • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                    • RegEX match: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                                                                    
+
                                                                                                                  • Path: access path, for example, /healthz
                                                                                                                     
                                                                                                                    The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                    
 
                                                                                                                    For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                  • Destination Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
                                                                                                                  • Destination Service Port: Select the access port of the destination Service.
                                                                                                                  • Set ELB:
                                                                                                                    • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                       
                                                                                                                      • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                      • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                      • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                      
+
                                                                                                                    • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                    • Destination Service Port: Select the access port of the destination Service.
                                                                                                                    • Set ELB:
                                                                                                                      • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                         
                                                                                                                        • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                        • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                        • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      • Sticky Session: This function is disabled by default. Options are as follows:
                                                                                                                        • Load balancer cookie: Enter the Stickiness Duration , which ranges from 1 to 1440 minutes.
                                                                                                                        
 
                                                                                                                         
                                                                                                                        • When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                        • Dedicated load balancers in the clusters of a version earlier than v1.21 do not support sticky sessions. If sticky sessions are required, use shared load balancers.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      • Health Check: Set the health check configuration of the load balancer. If this function is enabled, the following configurations are supported:
-
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
@@ -131,11 +132,11 @@
 
                                                                                                                      • Operation: Click Delete to delete the configuration.
                                                                                                                        • 
-
                                                                                                                      • Annotation: Ingresses provide some advanced CCE functions, which are implemented by annotations. When you use kubectl to create a container, annotations will be used. For details, see Creating an Ingress - Automatically Creating a Load Balancer or Creating an Ingress - Interconnecting with an Existing Load Balancer.
                                                                                                                        • 
+
                                                                                                                      • Annotation: Ingresses provide some advanced CCE functions, which are implemented by annotations. When you use kubectl to create a container, annotations will be used. For details, see Automatically Creating a Load Balancer While Creating an Ingress or Associating an Existing Load Balancer to an Ingress While Creating the Ingress.
                                                                                                                      • Click OK. After the ingress is created, it is displayed in the ingress list.
                                                                                                                        On the ELB console, you can check the load balancer automatically created through CCE. The default name is cce-lb-<ingress.UID>. Click the load balancer name to go to the details page. On the Listeners tab page, check the listener and forwarding policy of the target ingress.
                                                                                                                        
 
                                                                                                                         
                                                                                                                        After an ingress is created, upgrade and maintain the selected load balancer on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                      • Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                                                                        1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                                                                        2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                                                                          Figure 1 Accessing the /healthz interface of defaultbackend
                                                                                                                          
+
                                                                                                                        3. Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                                                                          1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                                                                          2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                                                                            Figure 1 Accessing the /healthz interface of defaultbackend
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0252.html b/docs/cce/umn/cce_10_0252.html
index 73ba4c548..49a6c5a92 100644
--- a/docs/cce/umn/cce_10_0252.html
+++ b/docs/cce/umn/cce_10_0252.html
@@ -1,20 +1,21 @@
 
 
-
                                                                                                                        Using kubectl to Create a LoadBalancer Ingress
                                                                                                                        
-
                                                                                                                        Scenario
                                                                                                                        This section uses an Nginx workload as an example to describe how to create a LoadBalancer ingress using kubectl.
                                                                                                                        
-
-
                                                                                                                        
-
                                                                                                                        Prerequisites
                                                                                                                        • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a sample Nginx workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                        • Services Supported by Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                        • A dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                                                                        
-
                                                                                                                        
-
                                                                                                                        Ingress Description of networking.k8s.io/v1
                                                                                                                        In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                        
-
                                                                                                                        Compared with v1beta1, v1 has the following differences in parameters:
                                                                                                                        
-
                                                                                                                        • The ingress type is changed from kubernetes.io/ingress.class in annotations to spec.ingressClassName.
                                                                                                                        • The format of backend is changed.
                                                                                                                        • The pathType parameter must be specified for each path. The options are as follows:
                                                                                                                          • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                                                                          • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                          • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                          
+
                                                                                                                          Creating a LoadBalancer Ingress Using kubectl
                                                                                                                          
+
                                                                                                                          This section uses an Nginx workload as an example to describe how to create a LoadBalancer ingress using kubectl.
                                                                                                                          
+
+
                                                                                                                          Ingress API Version Upgrade in CCE Clusters v1.23
                                                                                                                          In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                          
+
                                                                                                                          Compared with v1beta1, v1 has the following differences in parameters:
                                                                                                                          
+
                                                                                                                          • The ingress type is specified by spec.ingressClassName instead of kubernetes.io/ingress.class in annotations.
                                                                                                                          • The format of backend has changed.
                                                                                                                          • The pathType parameter must be specified for each path. The options are as follows:
                                                                                                                            • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                                                                            • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                            • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                            
 
                                                                                                                          
-
                                                                                                                          
+
                                                                                                                          
+
                                                                                                                          
+
                                                                                                                          Prerequisites
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Creating an Ingress - Automatically Creating a Load Balancer
                                                                                                                          The following describes how to run the kubectl command to automatically create a load balancer when creating an ingress.
                                                                                                                          
-
                                                                                                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                            vi ingress-test.yaml
                                                                                                                            
-
                                                                                                                             
                                                                                                                            Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress Description of networking.k8s.io/v1.
                                                                                                                            
+
                                                                                                                            Creating an Ingress Using kubectl
                                                                                                                            You can determine whether to automatically create a load balancer or use an existing one when creating an ingress.
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            Automatically Creating a Load Balancer While Creating an Ingress
                                                                                                                            The following describes how to run the kubectl command to automatically create a load balancer when creating an ingress.
                                                                                                                            
+
                                                                                                                            1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                            2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                              vi ingress-test.yaml
                                                                                                                              
+
                                                                                                                               
                                                                                                                              Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              Example of a shared load balancer (public network access) for clusters of v1.23 or later:
                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
@@ -34,6 +35,7 @@ metadata:
           "vip_address": "**.**.**.**",
           "eip_type":"5_bgp"
         }'
+    kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
 spec:
   rules: 
   - host: ''
@@ -67,6 +69,7 @@ metadata:
           "bandwidth_sharetype":"PER",
           "eip_type":"5_bgp"
         }'
+    kubernetes.io/elb.tags: key1=value1,key2=value2           # ELB resource tags
 spec:
   rules: 
   - host: ''
@@ -157,133 +160,133 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                              
 
                                                                                                                              
 
-
                                                                                                                        • Parameter
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        Protocol
                                                                                                                        
+
                                                                                                                        Protocol
                                                                                                                        
 
                                                                                                                        When the protocol of the target Service port is TCP, more protocols including HTTP are supported. 
                                                                                                                        
+
                                                                                                                        When the protocol of the target Service port is TCP, more protocols including HTTP are supported. 
                                                                                                                        
 
                                                                                                                        • Check Path (supported only by HTTP for health check): specifies the health check URL. The check path must start with a slash (/) and contain 1 to 80 characters.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Port
                                                                                                                        
+
                                                                                                                        Port
                                                                                                                        
 
                                                                                                                        By default, the service port (NodePort or container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                        
+
                                                                                                                        By default, the service port (NodePort or container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                        
 
                                                                                                                        • Node Port: If a shared load balancer is used or no ENI instance is associated, the node port is used as the health check port. If this parameter is not specified, a random port is used. The value ranges from 30000 to 32767.
                                                                                                                        • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Check Period (s)
                                                                                                                        
+
                                                                                                                        Check Period (s)
                                                                                                                        
 
                                                                                                                        Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                                                                        
+
                                                                                                                        Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Timeout (s)
                                                                                                                        
+
                                                                                                                        Timeout (s)
                                                                                                                        
 
                                                                                                                        Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                                                                        
+
                                                                                                                        Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        Max. Retries
                                                                                                                        
+
                                                                                                                        Max. Retries
                                                                                                                        
 
                                                                                                                        Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                                                                        
+
                                                                                                                        Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
 
 
                                                                                                                        Table 1 Key parameters
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                        Table 1 Key parameters
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Mandatory
                                                                                                                        
+
                                                                                                                        Mandatory
                                                                                                                        
 
                                                                                                                        Type
                                                                                                                        
+
                                                                                                                        Type
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        kubernetes.io/elb.class
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.class
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Select a proper load balancer type.
                                                                                                                        
-
                                                                                                                        • union: shared load balancer
                                                                                                                        • performance: dedicated load balancer..
                                                                                                                        
+
                                                                                                                        Select a proper load balancer type.
                                                                                                                        
+
                                                                                                                        • union: shared load balancer
                                                                                                                        • performance: dedicated load balancer
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/ingress.class
                                                                                                                        
+
                                                                                                                        kubernetes.io/ingress.class
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        (only for clusters of v1.21 or earlier)
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                                                                        
+
                                                                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                                                                        
 
                                                                                                                        This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        ingressClassName
                                                                                                                        
+
                                                                                                                        ingressClassName
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        (only for clusters of v1.23 or later)
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                                                                        
+
                                                                                                                        cce: A proprietary LoadBalancer ingress is used.
                                                                                                                        
 
                                                                                                                        This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/elb.port
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.port
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                        
+
                                                                                                                        This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                        
 
                                                                                                                        The value ranges from 1 to 65535.
                                                                                                                        
 
                                                                                                                         NOTE: 
                                                                                                                        Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                                                                        
 
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/elb.subnet-id
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.subnet-id
                                                                                                                        
 
                                                                                                                        None
                                                                                                                        
+
                                                                                                                        None
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                        
+
                                                                                                                        ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                        
 
                                                                                                                        • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                        • Optional for clusters later than v1.11.7-r0. It is left blank by default.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/elb.autocreate
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.autocreate
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        elb.autocreate object
                                                                                                                        
+
                                                                                                                        elb.autocreate object
                                                                                                                        
 
                                                                                                                        Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                                                                        
+
                                                                                                                        Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                                                                        
 
                                                                                                                        Example
                                                                                                                        
-
                                                                                                                        • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                          '{"type":"public","bandwidth_name":"cce-bandwidth-******","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                          
-
                                                                                                                        • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                          {"type":"inner","name":"A-location-d-test"}
                                                                                                                          
+
                                                                                                                          • Automatically created shared load balancer with an EIP bound:
                                                                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-******","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                            
+
                                                                                                                          • Automatically created shared load balancer:
                                                                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        		
 
                                                                                                                        kubernetes.io/elb.tags
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.tags
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Whether to add resource tags to a load balancer. This function is available only when the load balancer is automatically created, and the cluster is of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later.
                                                                                                                        
+
                                                                                                                        Whether to add resource tags to a load balancer. This function is available only when the load balancer is automatically created, and the cluster is of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later.
                                                                                                                        
 
                                                                                                                        A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        host
                                                                                                                        
+
                                                                                                                        host
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                        
+
                                                                                                                        Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        path
                                                                                                                        
+
                                                                                                                        path
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        User-defined route path. All external access requests must match host and path.
                                                                                                                        
+
                                                                                                                        User-defined route path. All external access requests must match host and path.
                                                                                                                        
 
                                                                                                                         NOTE: 
                                                                                                                        The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                        
 
                                                                                                                        For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                        
 
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        ingress.beta.kubernetes.io/url-match-mode
                                                                                                                        
+
                                                                                                                        ingress.beta.kubernetes.io/url-match-mode
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Route matching policy.
                                                                                                                        
+
                                                                                                                        Route matching policy.
                                                                                                                        
 
                                                                                                                        Default: STARTS_WITH (prefix match)
                                                                                                                        
 
                                                                                                                        Options:
                                                                                                                        
 
                                                                                                                        • EQUAL_TO: exact match
                                                                                                                        • STARTS_WITH: prefix match
                                                                                                                        • REGEX: regular expression match
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        pathType
                                                                                                                        
+
                                                                                                                        pathType
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Path type. This field is supported only by clusters of v1.23 or later.
                                                                                                                        • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                                                                        • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                        • Prefix: prefix matching, which is case-sensitive. With this method, the URL path is separated into multiple elements by slashes (/) and the elements are matched one by one. If each element in the URL matches the path, the subpaths of the URL can be routed normally.
                                                                                                                           NOTE: 
                                                                                                                          • During prefix matching, each element must be exactly matched. If the last element of the URL is the substring of the last element in the request path, no matching is performed. For example, /foo/bar matches /foo/bar/baz but does not match /foo/barbaz.
                                                                                                                          • When elements are separated by slashes (/), if the URL or request path ends with a slash (/), the slash (/) at the end is ignored. For example, /foo/bar matches /foo/bar/.
                                                                                                                          
+
                                                                                                                        Path type. This field is supported only by clusters of v1.23 or later.
                                                                                                                        • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                                                                        • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                        • Prefix: prefix matching, which is case-sensitive. With this method, the URL path is separated into multiple elements by slashes (/) and the elements are matched one by one. If each element in the URL matches the path, the subpaths of the URL can be routed normally.
                                                                                                                           NOTE: 
                                                                                                                          • During prefix matching, each element must be exactly matched. If the last element of the URL is the substring of the last element in the request path, no matching is performed. For example, /foo/bar matches /foo/bar/baz but does not match /foo/barbaz.
                                                                                                                          • When elements are separated by slashes (/), if the URL or request path ends with a slash (/), the slash (/) at the end is ignored. For example, /foo/bar matches /foo/bar/.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                        
@@ -294,153 +297,153 @@ spec:
 
                                                                                                                        
 
                                                                                                                        
 
-
                                                                                                                        Table 2 elb.autocreate data structure
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                        Table 2 elb.autocreate data structure
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Mandatory
                                                                                                                        
+
                                                                                                                        Mandatory
                                                                                                                        
 
                                                                                                                        Type
                                                                                                                        
+
                                                                                                                        Type
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        name
                                                                                                                        
+
                                                                                                                        name
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Name of the automatically created load balancer.
                                                                                                                        
+
                                                                                                                        Name of the automatically created load balancer.
                                                                                                                        
 
                                                                                                                        The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                        
 
                                                                                                                        Default: cce-lb+service.UID
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        type
                                                                                                                        
+
                                                                                                                        type
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Network type of the load balancer.
                                                                                                                        
+
                                                                                                                        Network type of the load balancer.
                                                                                                                        
 
                                                                                                                        • public: public network load balancer
                                                                                                                        • inner: private network load balancer
                                                                                                                        
 
                                                                                                                        Default: inner
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        bandwidth_name
                                                                                                                        
+
                                                                                                                        bandwidth_name
                                                                                                                        
 
                                                                                                                        Yes for public network load balancers
                                                                                                                        
+
                                                                                                                        Yes for public network load balancers
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                        
+
                                                                                                                        Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                        
 
                                                                                                                        The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        bandwidth_chargemode
                                                                                                                        
+
                                                                                                                        bandwidth_chargemode
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Bandwidth mode.
                                                                                                                        
+
                                                                                                                        Bandwidth mode.
                                                                                                                        
 
                                                                                                                        • traffic: billed by traffic
                                                                                                                        
 
                                                                                                                        Default: traffic
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        bandwidth_size
                                                                                                                        
+
                                                                                                                        bandwidth_size
                                                                                                                        
 
                                                                                                                        Yes for public network load balancers
                                                                                                                        
+
                                                                                                                        Yes for public network load balancers
                                                                                                                        
 
                                                                                                                        Integer
                                                                                                                        
+
                                                                                                                        Integer
                                                                                                                        
 
                                                                                                                        Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                        
+
                                                                                                                        Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                        
 
                                                                                                                        The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                        • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                        • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                        • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                        
 
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        bandwidth_sharetype
                                                                                                                        
+
                                                                                                                        bandwidth_sharetype
                                                                                                                        
 
                                                                                                                        Yes for public network load balancers
                                                                                                                        
+
                                                                                                                        Yes for public network load balancers
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Bandwidth sharing mode.
                                                                                                                        
+
                                                                                                                        Bandwidth sharing mode.
                                                                                                                        
 
                                                                                                                        • PER: dedicated bandwidth
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        eip_type
                                                                                                                        
+
                                                                                                                        eip_type
                                                                                                                        
 
                                                                                                                        Yes for public network load balancers
                                                                                                                        
+
                                                                                                                        Yes for public network load balancers
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        EIP type.
                                                                                                                        
+
                                                                                                                        EIP type.
                                                                                                                        
 
                                                                                                                        • 5_bgp: dynamic BGP
                                                                                                                        
 
                                                                                                                        The specific type varies with regions. For details, see the EIP console.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        vip_subnet_cidr_id
                                                                                                                        
+
                                                                                                                        vip_subnet_cidr_id
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                        
+
                                                                                                                        Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                        
 
                                                                                                                        If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                        
 
                                                                                                                        This field can be specified only for clusters of v1.21 or later.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        vip_address
                                                                                                                        
+
                                                                                                                        vip_address
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                        
+
                                                                                                                        Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                        
 
                                                                                                                        The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                        
 
                                                                                                                        This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        available_zone
                                                                                                                        
+
                                                                                                                        available_zone
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        Array of strings
                                                                                                                        
+
                                                                                                                        Array of strings
                                                                                                                        
 
                                                                                                                        AZ where the load balancer is located.
                                                                                                                        
+
                                                                                                                        AZ where the load balancer is located.
                                                                                                                        
 
                                                                                                                        You can obtain all supported AZs by getting the AZ list.
                                                                                                                        
 
                                                                                                                        This parameter is available only for dedicated load balancers.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        l4_flavor_name
                                                                                                                        
+
                                                                                                                        l4_flavor_name
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Flavor name of the layer-4 load balancer.
                                                                                                                        
+
                                                                                                                        Flavor name of the layer-4 load balancer.
                                                                                                                        
 
                                                                                                                        You can obtain all supported types by getting the flavor list.
                                                                                                                        
 
                                                                                                                        This parameter is available only for dedicated load balancers.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        l7_flavor_name
                                                                                                                        
+
                                                                                                                        l7_flavor_name
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Flavor name of the layer-7 load balancer.
                                                                                                                        
+
                                                                                                                        Flavor name of the layer-7 load balancer.
                                                                                                                        
 
                                                                                                                        You can obtain all supported types by getting the flavor list.
                                                                                                                        
 
                                                                                                                        This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        elb_virsubnet_ids
                                                                                                                        
+
                                                                                                                        elb_virsubnet_ids
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        Array of strings
                                                                                                                        
+
                                                                                                                        Array of strings
                                                                                                                        
 
                                                                                                                        Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                        
+
                                                                                                                        Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                        
 
                                                                                                                        This parameter is available only for dedicated load balancers.
                                                                                                                        
 
                                                                                                                        Example:
                                                                                                                        
 
                                                                                                                        "elb_virsubnet_ids": [
@@ -448,32 +451,33 @@ spec:
  ]
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        ipv6_vip_virsubnet_id
                                                                                                                        
+
                                                                                                                        ipv6_vip_virsubnet_id
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                        
+
                                                                                                                        ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                        
 
                                                                                                                        This parameter is available only for dedicated load balancers.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                      • Create an ingress.
                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                        
-
                                                                                                                        If information similar to the following is displayed, the ingress has been created.
                                                                                                                        
+
                                                                                                                      • Create an ingress.
                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                        
+
                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                        
 
                                                                                                                        ingress/ingress-test created
                                                                                                                        
-
                                                                                                                        kubectl get ingress
                                                                                                                        
-
                                                                                                                        If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                        
-
                                                                                                                        NAME             HOSTS     ADDRESS          PORTS   AGE
-ingress-test     *         121.**.**.**     80      10s
                                                                                                                        
+
                                                                                                                      • Check the created ingress.
                                                                                                                        kubectl get ingress
                                                                                                                        
+
                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                        
+
                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                        
 
                                                                                                                      • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                        121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                        
 
                                                                                                                        • 
 
-
                                                                                                                        Creating an Ingress - Interconnecting with an Existing Load Balancer
                                                                                                                        CCE allows you to connect to an existing load balancer when creating an ingress.
                                                                                                                         
                                                                                                                        • An existing dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                                                                        
+
                                                                                                                        Associating an Existing Load Balancer to an Ingress While Creating the Ingress
                                                                                                                        CCE allows you to connect to an existing load balancer when creating an ingress.
                                                                                                                        
+
                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                          vi ingress-test.yaml
                                                                                                                          
+
                                                                                                                           
                                                                                                                          • Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                                                                          • An existing dedicated load balancer must be of the application type (HTTP/HTTPS) and support private networks (with a private IP address).
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                        
 
                                                                                                                        If the cluster version is 1.23 or later, the YAML file configuration is as follows:
                                                                                                                        apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -522,43 +526,43 @@ spec:
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                        
 
-
                                                                                                                        
-
diff --git a/docs/cce/umn/cce_10_0279.html b/docs/cce/umn/cce_10_0279.html
index 7163078bb..feeabcd23 100644
--- a/docs/cce/umn/cce_10_0279.html
+++ b/docs/cce/umn/cce_10_0279.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                        Overview
                                                                                                                        Auto scaling is a service that automatically and economically adjusts service resources based on your service requirements and configured policies.
                                                                                                                        
-
                                                                                                                        Context
                                                                                                                        More and more applications are developed based on Kubernetes. It becomes increasingly important to quickly scale out applications on Kubernetes to cope with service peaks and to scale in applications during off-peak hours to save resources and reduce costs.
                                                                                                                        
+
                                                                                                                        Context
                                                                                                                        More and more applications run on Kubernetes. It becomes increasingly important to quickly scale out applications on Kubernetes to cope with service peaks and to scale in applications during off-peak hours to save resources and reduce costs.
                                                                                                                        
 
                                                                                                                        In a Kubernetes cluster, auto scaling involves pods and nodes. A pod is an application instance. Each pod contains one or more containers and runs on a node (VM or bare-metal server). If a cluster does not have sufficient nodes to run new pods, add nodes to the cluster to ensure service running.
                                                                                                                        
 
                                                                                                                        In CCE, auto scaling is used for online services, large-scale computing and training, deep learning GPU or shared GPU training and inference, periodic load changes, and many other scenarios.
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0282.html b/docs/cce/umn/cce_10_0282.html
index b123737c0..4c1ac1248 100644
--- a/docs/cce/umn/cce_10_0282.html
+++ b/docs/cce/umn/cce_10_0282.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                        Tunnel Network Model
                                                                                                                        
 
                                                                                                                        Model Definition
                                                                                                                        A container tunnel network creates a separate network plane for containers by using tunnel encapsulation on the host network plane. The container tunnel network of a CCE cluster uses VXLAN for tunnel encapsulation and Open vSwitch as the virtual switch backend. VXLAN is a protocol that encapsulates Ethernet packets into UDP packets to transmit them through tunnels. Open vSwitch is an open-source virtual switch software that provides functions such as network isolation and data forwarding.
                                                                                                                        
-
                                                                                                                        While there may be some performance costs, packet encapsulation and tunnel transmission allow for greater interoperability and compatibility with advanced features, such as network policy-based isolation, in most common scenarios.
                                                                                                                        Figure 1 Container tunnel network
                                                                                                                        
+
                                                                                                                        While there may be some performance costs, packet encapsulation and tunnel transmission allow for greater interoperability and compatibility with advanced features, such as network policy-based isolation, in most common scenarios.
                                                                                                                        Figure 1 Container tunnel network
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        In a cluster using the container tunnel model, the communication paths between pods on the same node and between pods on different nodes are different.
                                                                                                                        
 
                                                                                                                        • Inter-pod communication on the same node: Packets are directly forwarded via the OVS bridge on the node.
                                                                                                                        • Inter-pod communication on different nodes: Packets are encapsulated in the OVS bridge and then forwarded to the target pod on the peer node through the host NIC.
                                                                                                                        
@@ -16,7 +16,7 @@
 
                                                                                                                        
 
                                                                                                                        Container IP Address Management
                                                                                                                        The container tunnel network allocates container IP addresses according to the following rules:
                                                                                                                        
 
                                                                                                                        • Container CIDR blocks are separate from node CIDR blocks.
                                                                                                                        • IP addresses are allocated by node. One or more CIDR blocks with a fixed size (16 by default) are allocated to each node in a cluster from the container CIDR block.
                                                                                                                        • When the IP addresses on a node are used up, you can apply for a new CIDR block.
                                                                                                                        • A container CIDR block assigns CIDR blocks to new nodes or existing nodes in a cyclical sequence.
                                                                                                                        • IP addresses from one or more CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                                                                        
-
                                                                                                                        Figure 2 IP address allocation of the container tunnel network
                                                                                                                        
+
                                                                                                                        Figure 2 IP address allocation of the container tunnel network
                                                                                                                        
 
                                                                                                                        Maximum number of nodes that can be created in the cluster using the container tunnel network = Number of IP addresses in the container CIDR block/Size of the IP CIDR block allocated to the node by the container CIDR block at a time (16 by default)
                                                                                                                        
 
                                                                                                                        For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 28. That is, a total of 16 container IP addresses are allocated each time. Therefore, a maximum of 4096 (65536/16) nodes can be created. This is an extreme case. If 4096 nodes are created, a maximum of 16 pods can be created for each node because only a CIDR block with 16 IP addresses is allocated to each node. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster.
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0283.html b/docs/cce/umn/cce_10_0283.html
index 29edb9e7b..2f07ad69a 100644
--- a/docs/cce/umn/cce_10_0283.html
+++ b/docs/cce/umn/cce_10_0283.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                        VPC Network Model
                                                                                                                        
-
                                                                                                                        Model Definition
                                                                                                                        The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. In the VPC network model, container CIDR blocks are separate from node CIDR blocks. To allocate IP addresses to containers running on a node in a cluster, each node in the cluster is allocated with a container CIDR block for a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. When using the VPC network model in a cluster, the VPC routing table automatically configures the routes between container CIDR blocks and VPC CIDR blocks. This means that pods within the cluster can be accessed directly from cloud servers in the same VPC, even if they are outside the cluster.
                                                                                                                        Figure 1 VPC network model
                                                                                                                        
+
                                                                                                                        Model Definition
                                                                                                                        The VPC network model seamlessly combines VPC routing with the underlying network, making it ideal for high-performance scenarios. However, the maximum number of nodes allowed in a cluster is determined by the VPC route quota. In the VPC network model, container CIDR blocks are separate from node CIDR blocks. To allocate IP addresses to containers running on a node in a cluster, each node in the cluster is allocated with a container CIDR block for a fixed number of IP addresses. The VPC network model outperforms the container tunnel network model in terms of performance because it does not have tunnel encapsulation overhead. When using the VPC network model in a cluster, the VPC routing table automatically configures the routes between container CIDR blocks and VPC CIDR blocks. This means that pods within the cluster can be accessed directly from cloud servers in the same VPC, even if they are outside the cluster.
                                                                                                                        Figure 1 VPC network model
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        In a cluster using the VPC network model, network communication paths are as follows:
                                                                                                                        
-
                                                                                                                        • Inter-pod communication on the same node: Packets are directly forwarded through IPvlan.
                                                                                                                        • Inter-pod communication on different nodes: The traffic accesses the default gateway by following the route specified in the VPC routing table and then is forwarded to the target pod on another node using VPC routing.
                                                                                                                        • Pod communication outside a cluster: When a container in a cluster needs to access a network outside of the cluster, CCE uses NAT to translate the container's IP address into the node IP address so that the pod communicates externally using the node IP address.
                                                                                                                        
+
                                                                                                                        • Inter-pod communication on the same node: Packets are directly forwarded through IPvlan.
                                                                                                                        • Inter-pod communication on different nodes: The traffic accesses the default gateway by following the route specified in the VPC routing table and then is forwarded to the target pod on another node using VPC routing.
                                                                                                                        • Pod communication with the Internet: When a container in a cluster needs to access the Internet, CCE uses NAT to translate the container's IP address into the node IP address so that the pod communicates externally using the node IP address.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Advantages and Disadvantages
                                                                                                                        Advantages
                                                                                                                        
 
                                                                                                                        • High performance and simplified network fault locating are achieved by eliminating the need for tunnel encapsulation.
                                                                                                                        • A VPC routing table automatically configures routes between container CIDR blocks and VPC CIDR blocks. This enables resources in the VPC to directly communicate with containers in the cluster.
                                                                                                                           
                                                                                                                          Similarly, if the VPC is accessible to other VPCs or data centers and the VPC routing table includes routes to the container CIDR blocks, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.
                                                                                                                          
@@ -17,8 +17,8 @@
 
                                                                                                                          
 
                                                                                                                          Container IP Address Management
                                                                                                                          The VPC network model assigns container IP addresses based on the following guidelines:
                                                                                                                          
 
                                                                                                                          • Container CIDR blocks are separate from node CIDR blocks.
                                                                                                                          • IP addresses are allocated by node. One CIDR block with a fixed size (configurable) is allocated to each node in a cluster from the container CIDR block.
                                                                                                                          • A container CIDR block assigns CIDR blocks to new nodes in a cyclical sequence.
                                                                                                                          • IP addresses from the CIDR blocks assigned to a node are allocated to pods scheduled to that node in a cyclical manner.
                                                                                                                          
-
                                                                                                                          Figure 2 IP address management of the VPC network
                                                                                                                          
-
                                                                                                                          Maximum number of nodes that can be created in the cluster using the VPC network = Number of IP addresses in the container CIDR block /Number of IP addresses in the CIDR block allocated to the node by the container CIDR block
                                                                                                                          
+
                                                                                                                          Figure 2 IP address management of the VPC network
                                                                                                                          
+
                                                                                                                          Maximum number of nodes that can be created in the cluster using the VPC network = Number of IP addresses in the container CIDR block/Number of IP addresses in the CIDR block allocated to the node by the container CIDR block
                                                                                                                          
 
                                                                                                                          For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to a node is 25. That is, the number of container IP addresses on each node is 128. Therefore, a maximum of 512 (65536/128) nodes can be created. The number of nodes that can be added to a cluster is also determined by the available IP addresses in the node subnet and the scale of the cluster. For details, see Recommendation for CIDR Block Planning.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          Recommendation for CIDR Block Planning
                                                                                                                          As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:
                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0284.html b/docs/cce/umn/cce_10_0284.html
index 7339f8bf5..4a698c6f4 100644
--- a/docs/cce/umn/cce_10_0284.html
+++ b/docs/cce/umn/cce_10_0284.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                          Cloud Native 2.0 Network Model
                                                                                                                          
 
                                                                                                                          Model Definition
                                                                                                                          Cloud Native 2.0 network model is a proprietary, next-generation container network model that combines the elastic network interfaces (ENIs) and supplementary network interfaces (sub-ENIs) of the Virtual Private Cloud (VPC). This allows ENIs or sub-ENIs to be directly bound to pods, giving each pod its own unique IP address within the VPC. Furthermore, it supports additional features like ELB passthrough container, pod binding to a security group, and pod binding to an EIP. Because container tunnel encapsulation and NAT are not required, the Cloud Native 2.0 network model enables higher network performance than the container tunnel network model and VPC network model.
                                                                                                                          
-
                                                                                                                          Figure 1 Cloud Native 2.0 network model
                                                                                                                          
+
                                                                                                                          Figure 1 Cloud Native 2.0 network model
                                                                                                                          
 
                                                                                                                          In a cluster using the Cloud Native 2.0 network model, pods rely on ENIs or sub-ENIs to connect to external networks.
                                                                                                                          
 
                                                                                                                          • Pods running on BMS nodes use ENIs.
                                                                                                                          • Pods running on ECS nodes use sub-ENIs that are bound to the ECS' ENIs through VLAN sub-interfaces.
                                                                                                                          • To run a pod, it is necessary to bind ENIs to it. The number of pods that can run on a node depends on the number of ENIs that can be bound to the node and the number of ENI ports available on the node.
                                                                                                                          • Traffic for communications between pods on a node, communications between pods on different nodes, and access to networks outside a cluster is forwarded through the ENI or sub-ENI of the VPC.
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Constraints
                                                                                                                          This network model is available only to CCE Turbo clusters.
                                                                                                                          
+
                                                                                                                          Notes and Constraints
                                                                                                                          This network model is available only to CCE Turbo clusters.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          Advantages and Disadvantages
                                                                                                                          Advantages
                                                                                                                          
 
                                                                                                                          • VPCs serve as the foundation for constructing container networks. Every pod has its own network interface and IP address, which simplifies network problem-solving and enhances performance.
                                                                                                                          • In the same VPC, ENIs are directly bound to pods in a cluster, so that resources outside the cluster can directly communicate with containers within the cluster.
                                                                                                                             
                                                                                                                            Similarly, if the VPC is accessible to other VPCs or data centers, resources in other VPCs or data centers can directly communicate with containers in the cluster, provided there are no conflicts between the network CIDR blocks.
                                                                                                                            
@@ -107,7 +107,7 @@
 
                                                                                                                            
 
                                                                                                                            The number of pre-binding ENIs on the node remains in the following range:
                                                                                                                            • Minimum number of ENIs to be pre-bound = min(max(nic-minimum-target – Number of bound ENIs, nic-warm-target), nic-maximum-target – Number of bound ENIs)
                                                                                                                            • Maximum number of ENIs to be pre-bound = max(nic-warm-target + nic-max-above-warm-target, Number of bound ENIs – nic-minimum-target)
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            When a pod is created, an idle ENI (the earliest unused one) is preferentially allocated from the pool. If no idle ENI is available, a new sub-ENI is bound to the pod.
                                                                                                                            
+
                                                                                                                            When a pod is created, an idle pre-bound ENI (the earliest unused one) will be preferentially allocated from the pool. If no idle ENI is available, a new ENI will be created or a new sub-ENI will be bound to the pod.
                                                                                                                            
 
                                                                                                                            When the pod is deleted, the corresponding ENI is released back to the pre-bound ENI pool of the node, enters a 2 minutes cooldown period, and can be bind to another pod. If the ENI is not bound to any pod within 2 minutes, it will be released.
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Recommendation for CIDR Block Planning
                                                                                                                            As explained in Cluster Network Structure, network addresses in a cluster are divided into the cluster network, container network, and service network. When planning network addresses, consider the following factors:
                                                                                                                            
@@ -115,7 +115,7 @@
 
                                                                                                                          
 
                                                                                                                          In the Cloud Native 2.0 network model, the container CIDR block and node CIDR block share the network IP addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP addresses.
                                                                                                                          
 
                                                                                                                          In addition, a subnet can be added to the container CIDR block after a cluster is created to increase the number of available IP addresses. In this case, ensure that the added subnet does not conflict with other subnets in the container CIDR block.
                                                                                                                          
-
                                                                                                                          Figure 2 Configuring CIDR blocks
                                                                                                                          
+
                                                                                                                          Figure 2 Configuring CIDR blocks
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          Example of Cloud Native Network 2.0 Access 
                                                                                                                          In this example, a CCE Turbo cluster is created, and the cluster contains three ECS nodes.
                                                                                                                          
 
                                                                                                                          You can check the basic information about a node on the ECS console. You can see that a primary network interface and an extended network interface are bound to the node. Both of them are ENIs. The IP address of the extended network interface belongs to the container CIDR block and is used to bind sub-ENIs to pods on the node.
                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0285.html b/docs/cce/umn/cce_10_0285.html
index 28c69a835..196480aba 100644
--- a/docs/cce/umn/cce_10_0285.html
+++ b/docs/cce/umn/cce_10_0285.html
@@ -7,18 +7,18 @@
 
                                                                                                                          • Group them in different clusters for different environments.
                                                                                                                            Resources cannot be shared among different clusters. In addition, services in different environments can access each other only through load balancing.
                                                                                                                            
 
                                                                                                                          • Group them in different namespaces for different environments.
                                                                                                                            Workloads in the same namespace can be mutually accessed by using the Service name. Cross-namespace access can be implemented by using the Service name or namespace name.
                                                                                                                            
 
                                                                                                                            The following figure shows namespaces created for the development, joint debugging, and testing environments, respectively.
                                                                                                                            
-
                                                                                                                            Figure 1 One namespace for one environment
                                                                                                                            
+
                                                                                                                            Figure 1 One namespace for one environment
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        • Isolating namespaces by application
                                                                                                                          You are advised to use this method if a large number of workloads are deployed in the same environment. For example, in the following figure, different namespaces (APP1 and APP2) are created to logically manage workloads as different groups. Workloads in the same namespace access each other using the Service name, and workloads in different namespaces access each other using the Service name or namespace name.
                                                                                                                          
-
                                                                                                                          Figure 2 Grouping workloads into different namespaces
                                                                                                                          
+
                                                                                                                          Figure 2 Grouping workloads into different namespaces
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Managing Namespace Labels
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                                                        2. Locate the row containing the target namespace and choose More > Manage Label in the Operation column.
                                                                                                                        3. In the dialog box that is displayed, the existing labels of the namespace are displayed. Modify the labels as needed.
                                                                                                                          • Adding a label: Click the add icon, enter the key and value of the label to be added, and click OK.
                                                                                                                            For example, the key is project and the value is cicd, indicating that the namespace is used to deploy CICD.
                                                                                                                            
-
                                                                                                                          • Deleting a label: Click  next the label to be deleted and then OK.
                                                                                                                          
+
                                                                                                                        4. Deleting a label: Click Delete next the label to be deleted and then OK.
                                                                                                                          5. 
 
                                                                                                                        5. Switch to the Manage Label dialog box again and check the modified labels.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Enabling Node Affinity in a Namespace
                                                                                                                        After node affinity is enabled in a namespace, the workloads newly created in the namespace can be scheduled only to nodes with specific labels. For details, see PodNodeSelector.
                                                                                                                        
-
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                                                        2. Locate the target namespace and click  in the Node Affinity column.
                                                                                                                        3. In the displayed dialog box, select Enable and click OK.
                                                                                                                          After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.
                                                                                                                          
+
                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                                                          2. Locate the target namespace and click  in the Node Affinity column.
                                                                                                                          3. In the displayed dialog box, select Enable and click OK.
                                                                                                                            After node affinity is enabled, new workloads in the current namespace will be scheduled only to nodes with specified labels. For example, in namespace test, the workloads in the namespace can be scheduled only to the node whose label key is kubelet.kubernetes.io/namespace and label value is test.
                                                                                                                            
 
                                                                                                                          4. You can add specified labels to a node in Labels and Taints on the Nodes page. For details, see Managing Node Labels.
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                        Deleting a Namespace
                                                                                                                        If a namespace is deleted, all resources (such as workloads, jobs, and ConfigMaps) in this namespace will also be deleted. Exercise caution when deleting a namespace. 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0287.html b/docs/cce/umn/cce_10_0287.html
index 3dc2af4a3..ca559bae3 100644
--- a/docs/cce/umn/cce_10_0287.html
+++ b/docs/cce/umn/cce_10_0287.html
@@ -1,117 +1,80 @@
 
 
 
                                                                                                                        Configuring Resource Quotas
                                                                                                                        
-
                                                                                                                        Namespace-level resource quotas limit the amount of resources available to teams or users when these teams or users use the same cluster. The quotas include the total number of a type of objects and the total amount of compute resources (CPU and memory) consumed by the objects.
                                                                                                                        
-
                                                                                                                        Usage
                                                                                                                        By default, running pods can use the CPUs and memory of a node without restrictions. This means the pods in a namespace may exhaust all resources of the cluster.
                                                                                                                        
-
                                                                                                                        Kubernetes provides namespaces for you to group workloads in a cluster. By setting resource quotas for each namespace, you can prevent resource exhaustion and ensure cluster reliability.
                                                                                                                        
-
                                                                                                                        You can configure quotas for resources such as CPU, memory, and the number of pods in a namespace. For more information, see Resource Quotas.
                                                                                                                        
-
                                                                                                                        The following table recommends how many pods you can configure for your clusters of different sizes.
                                                                                                                        
+
                                                                                                                        Kubernetes provides namespaces for you to group resources in a cluster. Namespaces serve different purposes to meet the needs of multiple users, environments, and applications. To prevent resource abuse and ensure cluster reliability, you can configure quotas for resources like CPUs, memory, and pods for each namespace. For details, see Resource Quotas.
                                                                                                                        
+
                                                                                                                        In clusters of v1.21 or later, the default resource quotas will be created when a namespace is created if you have enabled enable-resource-quota in Cluster Configuration Management. Table 1 lists the resource quotas based on cluster specifications. You can modify them according to your service requirements.
                                                                                                                        
 
-
                                                                                                                        Table 3 Key parameters
                                                                                                                        Parameter
                                                                                                                        
+
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                        Table 3 Key parameters
                                                                                                                        Parameter
                                                                                                                        
 
                                                                                                                        Mandatory
                                                                                                                        
+
                                                                                                                        Mandatory
                                                                                                                        
 
                                                                                                                        Type
                                                                                                                        
+
                                                                                                                        Type
                                                                                                                        
 
                                                                                                                        Description
                                                                                                                        
+
                                                                                                                        Description
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        kubernetes.io/elb.id
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.id
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        ID of a load balancer. The value can contain 1 to 100 characters.
                                                                                                                        
+
                                                                                                                        ID of a load balancer. The value can contain 1 to 100 characters.
                                                                                                                        
 
                                                                                                                        How to obtain:
                                                                                                                        
 
                                                                                                                        On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/elb.ip
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.ip
                                                                                                                        
 
                                                                                                                        No
                                                                                                                        
+
                                                                                                                        No
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                        
+
                                                                                                                        Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        kubernetes.io/elb.class
                                                                                                                        
+
                                                                                                                        kubernetes.io/elb.class
                                                                                                                        
 
                                                                                                                        Yes
                                                                                                                        
+
                                                                                                                        Yes
                                                                                                                        
 
                                                                                                                        String
                                                                                                                        
+
                                                                                                                        String
                                                                                                                        
 
                                                                                                                        Load balancer type.
                                                                                                                        
+
                                                                                                                        Load balancer type.
                                                                                                                        
 
                                                                                                                        • union: shared load balancer
                                                                                                                        • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                        
 
                                                                                                                         NOTE: 
                                                                                                                        If a LoadBalancer ingress accesses an existing dedicated load balancer, the dedicated load balancer must be of the application load balancing (HTTP/HTTPS) type.
                                                                                                                        
 
                                                                                                                        
@@ -567,6 +571,15 @@ spec:
 
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        
+
                                                                                                                      • Create an ingress.
                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                        
+
                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                        
+
                                                                                                                        ingress/ingress-test created
                                                                                                                        
+
                                                                                                                      • Check the created ingress.
                                                                                                                        kubectl get ingress
                                                                                                                        
+
                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                        
+
                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                        
+
                                                                                                                      • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                        121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                        
+
                                                                                                                        • 
 
 
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0276.html b/docs/cce/umn/cce_10_0276.html
index db27caea1..88bc2e703 100644
--- a/docs/cce/umn/cce_10_0276.html
+++ b/docs/cce/umn/cce_10_0276.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                        Performing Rolling Upgrade for Nodes
                                                                                                                        
 
                                                                                                                        Scenario
                                                                                                                        In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.
                                                                                                                        
-
                                                                                                                        Figure 1 Workload migration
                                                                                                                        
+
                                                                                                                        Figure 1 Workload migration
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Notes and Constraints
                                                                                                                        • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                                                                        • The cluster must be of v1.13.10 or later.
                                                                                                                        • The default node pool does not support this configuration.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        Scenario 1: The Original Node Is in DefaultPool
                                                                                                                        1. Create a node pool. For details, see Creating a Node Pool.
                                                                                                                        2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                                                                        1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                        1. Migrate the workload.
                                                                                                                          1. Add a taint to the node where the workload needs to be migrated out.
                                                                                                                            kubectl taint node [node] key=value:[effect]
                                                                                                                            
+
                                                                                                                            Procedure If the Original Node Is in the Default Pool
                                                                                                                            1. Create a node pool. For details, see Creating a Node Pool.
                                                                                                                            2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                                                                            1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                            1. Migrate the workload.
                                                                                                                              1. Add a taint to the node where the workload needs to be migrated out.
                                                                                                                                kubectl taint node [node] key=value:[effect]
                                                                                                                                
 
                                                                                                                                In the preceding command, [node] indicates the IP address of the node where the workload to be migrated is located. The value of [effect] can be NoSchedule, PreferNoSchedule, or NoExecute. In this example, set this parameter to NoSchedule.
                                                                                                                                
 
                                                                                                                                • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                                • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                                • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                To reset a taint, run the kubectl taint node [node] key:[effect]- command to remove the taint.
                                                                                                                                
@@ -14,19 +14,19 @@
 
                                                                                                                              2. Safely evicts the workload on the node.
                                                                                                                                kubectl drain [node]
                                                                                                                                
 
                                                                                                                                In the preceding command, [node] indicates the IP address of the node where the workload to be migrated is located.
                                                                                                                                
 
                                                                                                                              3. In the navigation pane of the CCE console, choose Workloads > Deployments. In the workload list, the status of the workload to be migrated changes from Running to Unready. If the workload status changes to Running again, the migration is successful.
                                                                                                                              
-
                                                                                                                               
                                                                                                                              During workload migration, if node affinity is configured for the workload, the workload keeps displaying a message indicating that the workload is not ready. In this case, click the workload name to go to the workload details page. On the Scheduling Policies tab page, delete the affinity configuration of the original node and configure the affinity and anti-affinity policies of the new node. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                              
+
                                                                                                                               
                                                                                                                              During workload migration, if node affinity is configured for the workload, the workload keeps displaying a message indicating that the workload is not ready. In this case, click the workload name to go to the workload details page. On the Scheduling Policies tab page, delete the affinity configuration of the original node and configure the affinity and anti-affinity policies of the new node. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                              After the workload is migrated, you can view that the workload is migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                              
+
                                                                                                                              After the workload is migrated, you can view that the workload has been migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                              
 
                                                                                                                            1. Delete the original node.
                                                                                                                              After the workload is successfully migrated and runs properly, delete the original node.
                                                                                                                              
 
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Scenario 2: The Original Node Is Not in DefaultPool
                                                                                                                            1. Copy the node pool and add nodes to it. For details, see Copying a Node Pool.
                                                                                                                            2. Click View Node in the Operation column of the node pool. The IP address of the new node is displayed in the node list.
                                                                                                                            1. Migrate the workload.
                                                                                                                              1. Click Edit on the right of original node pool and configure Taints.
                                                                                                                              2. Enter the key and value of a taint. The options of Effect are NoSchedule, PreferNoSchedule, and NoExecute. Select NoExecute and click Add.
                                                                                                                                • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                                • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                                • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                                
+
                                                                                                                                Procedure If the Original Node Is Not in the Default Pool
                                                                                                                                1. Copy the node pool and add nodes to it. For details, see Copying a Node Pool.
                                                                                                                                2. Click View Node in the Operation column of the node pool. The IP address of the new node is displayed in the node list.
                                                                                                                                1. Migrate the workload.
                                                                                                                                  1. Click Edit on the right of original node pool and configure Taints.
                                                                                                                                  2. Enter the key and value of a taint. The options of Effect are NoSchedule, PreferNoSchedule, and NoExecute. Select NoExecute and click Add.
                                                                                                                                    • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                                    • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                                    • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                                    
 
                                                                                                                                     
                                                                                                                                    To reset the taint, delete the configured one.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                  3. Click OK.
                                                                                                                                  4. In the navigation pane of the CCE console, choose Workloads > Deployments. In the workload list, the status of the workload to be migrated changes from Running to Unready. If the workload status changes to Running again, the migration is successful.
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  During workload migration, if node affinity is configured for the workload, the workload keeps displaying a message indicating that the workload is not ready. In this case, click the workload name to go to the workload details page. On the Scheduling Policies tab page, delete the affinity configuration of the original node and configure the affinity and anti-affinity policies of the new node. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                  
+
                                                                                                                                   
                                                                                                                                  During workload migration, if node affinity is configured for the workload, the workload keeps displaying a message indicating that the workload is not ready. In this case, click the workload name to go to the workload details page. On the Scheduling Policies tab page, delete the affinity configuration of the original node and configure the affinity and anti-affinity policies of the new node. For details, see Configuring Node Affinity Scheduling (nodeAffinity).
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  After the workload is migrated, you can view that the workload is migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                                  
+
                                                                                                                                  After the workload is migrated, you can view that the workload has been migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                                  
 
                                                                                                                                1. Delete the original node.
                                                                                                                                  After the workload is successfully migrated and runs properly, delete the original node.
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0277.html b/docs/cce/umn/cce_10_0277.html
index 93b939c2c..0695892ec 100644
--- a/docs/cce/umn/cce_10_0277.html
+++ b/docs/cce/umn/cce_10_0277.html
@@ -65,7 +65,7 @@
 
                                                                                                                        
 
                                                                                                                        CCE AI Suite (NVIDIA GPU)
                                                                                                                        
 
                                                                                                                        NVIDIA GPU is a device management add-on that supports GPUs in containers. It supports only NVIDIA drivers.
                                                                                                                        
+
                                                                                                                        This add-on supports and manages GPUs in containers. Only NVIDIA drivers are supported.
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
                                                                                                                        Cluster Scale
                                                                                                                        
+
                                                                                                                        
-
+
+
+
+
-
-
+
+
+
+
-
-
+
+
+
+
-
-
+
+
+
+
-
-
+
+
+
+
                                                                                                                        Table 1 Default resource quotas
                                                                                                                        Cluster Scale
                                                                                                                        
 
                                                                                                                        Recommended Number of Pods
                                                                                                                        
+
                                                                                                                        Pod
                                                                                                                        
+
                                                                                                                        Deployment
                                                                                                                        
+
                                                                                                                        Secret
                                                                                                                        
+
                                                                                                                        ConfigMap
                                                                                                                        
+
                                                                                                                        Service
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
 
                                                                                                                        50 nodes
                                                                                                                        
+
                                                                                                                        50 nodes
                                                                                                                        
 
                                                                                                                        2,500 pods
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        200 nodes
                                                                                                                        
+
                                                                                                                        200 nodes
                                                                                                                        
 
                                                                                                                        10,000 pods
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
+
                                                                                                                        1000
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        1000 nodes
                                                                                                                        
+
                                                                                                                        1000 nodes
                                                                                                                        
 
                                                                                                                        30,000 pods
                                                                                                                        
+
                                                                                                                        5000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        2000 nodes
                                                                                                                        
+
                                                                                                                        2000 nodes
                                                                                                                        
 
                                                                                                                        50,000 pods
                                                                                                                        
+
                                                                                                                        5000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
+
                                                                                                                        2000
                                                                                                                        
                                                                                                                         		
 
                                                                                                                        
                                                                                                                         
 
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                        In clusters of v1.21 and later, the default resource quotas will be created when a namespace is created if you have enabled enable-resource-quota in Cluster Configuration Management. Table 1 lists the resource quotas based on cluster specifications. You can modify them according to your service requirements.
                                                                                                                        
-
-
                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                        Table 1 Default resource quotas
                                                                                                                        Cluster Scale
                                                                                                                        
-
                                                                                                                        Pod
                                                                                                                        
-
                                                                                                                        Deployment
                                                                                                                        
-
                                                                                                                        Secret
                                                                                                                        
-
                                                                                                                        ConfigMap
                                                                                                                        
-
                                                                                                                        Service
                                                                                                                        
-
                                                                                                                        50 nodes
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        200 nodes
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000
                                                                                                                        
-
                                                                                                                        1000 nodes
                                                                                                                        
-
                                                                                                                        5000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000 nodes
                                                                                                                        
-
                                                                                                                        5000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        2000
                                                                                                                        
-
                                                                                                                        
-
                                                                                                                        
-
-
                                                                                                                        Notes and Constraints
                                                                                                                        Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). Obtain the server data, modify the data, and submit the data to the server again. The resource quota limits the total resource consumption of each namespace and records the resource information in the cluster. Therefore, after the enable-resource-quota option is enabled, the probability of resource creation conflicts increases in large-scale concurrency scenarios, affecting the performance of batch resource creation.
                                                                                                                        
-
                                                                                                                        
 
                                                                                                                        Procedure
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. In the navigation pane, click Namespaces.
                                                                                                                        3. Click Quota Management next to the target namespace.
                                                                                                                          This operation cannot be performed on system namespaces kube-system and kube-public.
                                                                                                                          
-
                                                                                                                        4. Set the resource quotas and click OK.
                                                                                                                           
                                                                                                                          • After setting CPU and memory quotas for a namespace, you must specify the request and limit values of CPU and memory resources when creating a workload. Otherwise, the workload cannot be created. If the quota of a resource is set to 0, the resource usage is not limited.
                                                                                                                          • Accumulated quota usage includes the resources used by CCE to create default components, such as the Kubernetes Services (which can be viewed using kubectl) created under the default namespace. Therefore, you are advised to set a resource quota greater than expected to reserve resource for creating default components.
                                                                                                                          
+
                                                                                                                        5. Configure the resource quotas and click OK.
                                                                                                                           
                                                                                                                          • After configuring CPU and memory quotas for a namespace, you must specify the request and limit values of CPU and memory resources when creating a workload. Otherwise, the workload cannot be created. If the quota of a resource is set to 0, the resource usage is not limited.
                                                                                                                          • Accumulated quota usage includes the resources used by CCE to create default components, such as the Kubernetes Services (which can be viewed using kubectl) created under the default namespace. Therefore, you are advised to set a resource quota greater than expected to reserve resource for creating default components.
                                                                                                                          • Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). Obtain the server data, modify the data, and submit the data to the server again. Resource quotas limit the total resource usage of each namespace and maintain a record of resource information in the cluster. Enabling resource quotas may result in more resource creation conflicts in high-concurrency scenarios, which can affect the performance of batch resource creation.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0290.html b/docs/cce/umn/cce_10_0290.html
index 4d5079b2c..7c865d382 100644
--- a/docs/cce/umn/cce_10_0290.html
+++ b/docs/cce/umn/cce_10_0290.html
@@ -1,20 +1,72 @@
 
 
 
                                                                                                                        Workload Scaling Rules
                                                                                                                        
-
                                                                                                                        How HPA Works
                                                                                                                        HPA is a controller that controls horizontal pod scaling. HPA periodically checks the pod metrics, calculates the number of replicas required to meet the target values configured for HPA resources, and then adjusts the value of the replicas field in the target resource object (such as a Deployment).
                                                                                                                        
+
                                                                                                                        CCE supports multiple workload scaling modes. Comparisons between the scaling policies are listed in the following table.
+
                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                        Table 1 Comparisons between auto scaling policies
                                                                                                                        Item
                                                                                                                        
+
                                                                                                                        HPA
                                                                                                                        
+
                                                                                                                        CronHPA
                                                                                                                        
+
                                                                                                                        AHPA
                                                                                                                        
+
                                                                                                                        Introduction
                                                                                                                        
+
                                                                                                                        Horizontal Pod Autoscaling
                                                                                                                        
+
                                                                                                                        Enhanced based on HPA, CronHPA is mainly used if the resource usage of applications changes periodically.
                                                                                                                        
+
                                                                                                                        Advanced Horizontal Pod Autoscaler, which performs scaling beforehand based on historical data.
                                                                                                                        
+
                                                                                                                        Rule
                                                                                                                        
+
                                                                                                                        Scales Deployment pods based on metrics (CPU usage and memory usage).
                                                                                                                        
+
                                                                                                                        Scales Deployment pods periodically (daily, weekly, monthly, or yearly at a specific time).
                                                                                                                        
+
                                                                                                                        Predicts the resources needed based on the historical usage of container resources (CPU and memory) and automatically scales workload pods beforehand.
                                                                                                                        
+
                                                                                                                        Enhancement
                                                                                                                        
+
                                                                                                                        Adds the application-level cooldown time window and scaling threshold functions based on the Kubernetes HPA.
                                                                                                                        
+
                                                                                                                        Compatible with HPA objects, allowing you to use both CronHPA and HPA.
                                                                                                                        
+
                                                                                                                        • If both CronHPA and HPA are used, CronHPA runs based on HPA and periodically adjusts the number of pods for HPA.
                                                                                                                        • If CronHPA is separately used: CronHPA periodically adjusts the number of pods for workloads.
                                                                                                                        
+
                                                                                                                        Identifies periods of pod scaling and predicts future fluctuations by analyzing historical service metrics. This proactive approach can resolve the issue of delayed scaling in native HPA.
                                                                                                                        
+
                                                                                                                        Usage
                                                                                                                        
+
                                                                                                                        Creating an HPA Policy
                                                                                                                        
+
                                                                                                                        Creating a Scheduled CronHPA Policy
                                                                                                                        
+
                                                                                                                        Creating an AHPA Policy
                                                                                                                        
+
                                                                                                                        
+
                                                                                                                        
+
                                                                                                                        
+
                                                                                                                        How HPA Works
                                                                                                                        HPA is a controller that controls horizontal pod scaling. HPA periodically checks the pod metrics, calculates the number of pods required to meet the target values configured for HPA resources, and then adjusts the value of the replicas field in the target resource object (such as a Deployment).
                                                                                                                        
 
                                                                                                                        A prerequisite for auto scaling is that your container running data can be collected, such as number of cluster nodes/pods, and CPU and memory usage of containers. Kubernetes does not have built-in monitoring capabilities, but you can use extensions like Prometheus and Metrics Server to monitor and collect data.
                                                                                                                        
 
                                                                                                                        • Prometheus is an open-source monitoring and alarming framework that can collect multiple types of metrics. Prometheus has been a standard monitoring solution of Kubernetes.
                                                                                                                        • Metrics Server is a cluster-wide aggregator of resource utilization data. Metrics Server collects metrics from the Summary API exposed by kubelet. These metrics are set for core Kubernetes resources, such as pods, nodes, containers, and Services. Metrics Server provides a set of standard APIs for external systems to collect these metrics.
                                                                                                                        
-
                                                                                                                        HPA can work with Metrics Server to implement auto scaling based on the CPU and memory usage.
                                                                                                                        
+
                                                                                                                        HPA can work with Metrics Server for auto scaling based on the CPU and memory usage. It can also work with Prometheus for auto scaling based on custom monitoring metrics.
                                                                                                                        
 
                                                                                                                        Figure 1 shows how HPA works.
                                                                                                                        
-
                                                                                                                        Figure 1 HPA working process
                                                                                                                        
+
                                                                                                                        Figure 1 HPA working process
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                        Two core modules of HPA:
                                                                                                                        
 
                                                                                                                        • Data Source Monitoring
                                                                                                                          The community provided only CPU- and memory-based HPA at the early stage. With the population of Kubernetes and Prometheus, developers need more custom metrics or monitoring information at the access layer for their own applications, for example, the QPS of the load balancer and the number of online users of the website. In response, the community defines a set of standard metric APIs to provide services externally through these aggregated APIs.
                                                                                                                          
 
                                                                                                                          • metrics.k8s.io provides monitoring metrics related to the CPU and memory of pods and nodes.
                                                                                                                          • custom.metrics.k8s.io provides custom monitoring metrics related to Kubernetes objects.
                                                                                                                          • external.metrics.k8s.io provides metrics that come from external systems and are irrelevant to any Kubernetes resource metrics.
                                                                                                                          
 
                                                                                                                        • Scaling Decision-Making Algorithms
                                                                                                                          The HPA controller calculates the scaling ratio based on the current metric values and desired metric values using the following formula:
                                                                                                                          
-
                                                                                                                          desiredReplicas = ceil[currentReplicas x (currentMetricValue/desiredMetricValue)]
                                                                                                                          
+
                                                                                                                          Desired number of pods = Rounded up value of [Number of current pods x (Current metric value/Target value)]
                                                                                                                          
 
                                                                                                                          For example, if the current metric value is 200m and the target value is 100m, the desired number of pods will be doubled according to the formula. In practice, pods may be constantly added or reduced. To ensure stability, the HPA controller is optimized from the following aspects:
                                                                                                                          
-
                                                                                                                          • Cooldown interval: In v1.11 and earlier versions, Kubernetes introduced the startup parameters horizontal-pod-autoscaler-downscale-stabilization-window and horizontal-pod-autoScaler-upscale-stabilization-window to indicate the cooldown intervals after a scale-in and scale-out, respectively, in which no scaling operation will not be performed. In versions later than v1.14, the scheduling queue is introduced to store all decision-making suggestions detected within a period of time. Then, the system makes decisions based on all valid decision-making suggestions to minimize changes of the desired number of replicas to ensure stability.
                                                                                                                          • Tolerance: It can be considered as a buffer zone. If the pod number changes can be tolerated, the number of pods remains unchanged.
                                                                                                                            Use the formula: ratio = currentMetricValue/desiredMetricValue
                                                                                                                            
+
                                                                                                                            • Cooldown interval: In v1.11 and earlier versions, Kubernetes introduced the startup parameters horizontal-pod-autoscaler-downscale-stabilization-window and horizontal-pod-autoScaler-upscale-stabilization-window to indicate the cooldown intervals after a scale-in and scale-out, respectively, in which no scaling operation will not be performed. In versions later than v1.14, the scheduling queue is introduced to store all decision-making suggestions detected within a period of time. Then, the system makes decisions based on all valid decision-making suggestions to minimize changes of the desired number of pods to ensure stability.
                                                                                                                            • Tolerance: It can be considered as a buffer zone. If the pod number changes can be tolerated, the number of pods remains unchanged.
                                                                                                                              ratio = Current metric value/Target value
                                                                                                                              
 
                                                                                                                              When |ratio – 1.0| ≤ tolerance, scaling will not be performed.
                                                                                                                              
 
                                                                                                                              When |ratio – 1.0| > tolerance, the desired value is calculated using the formula mentioned above.
                                                                                                                              
 
                                                                                                                              The default value is 0.1 in the current community version.
                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0291.html b/docs/cce/umn/cce_10_0291.html
index 48e412c9c..07b0fb510 100644
--- a/docs/cce/umn/cce_10_0291.html
+++ b/docs/cce/umn/cce_10_0291.html
@@ -1,8 +1,7 @@
 
 
 
                                                                                                                              Scaling a Node
                                                                                                                              
-
                                                                                                                              
-
                                                                                                                              
+
                                                                                                                              
 
                                                                                                                              
 
 
                                                                                                                              
 
                                                                                                                              Cluster Autoscaler Architecture
                                                                                                                              Figure 1 shows the Cluster Autoscaler architecture and its core modules.
                                                                                                                              
-
                                                                                                                              Figure 1 Cluster Autoscaler architecture
                                                                                                                              
+
                                                                                                                              Figure 1 Cluster Autoscaler architecture
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
 
                                                                                                                              • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                                                              • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                                                              • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Table 1 lists the Expander policies.
 
                                                                                                                                
@@ -181,7 +181,7 @@
 
                                                                                                                                Table 1 Expander policies supported by CCE
                                                                                                                                Policy
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0300.html b/docs/cce/umn/cce_10_0300.html
index eb7df8cfe..51c3990d9 100644
--- a/docs/cce/umn/cce_10_0300.html
+++ b/docs/cce/umn/cce_10_0300.html
@@ -6,9 +6,9 @@
 
 
                                                                                                                                Solution
                                                                                                                                Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                                
 
                                                                                                                                HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                                
-
                                                                                                                                As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                Figure 1 HPA and CA working flows
                                                                                                                                
+
                                                                                                                                As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                Figure 1 HPA and CA working flows
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                
+
                                                                                                                                Using HPA and CA enables automatic scaling for most scenarios while also providing monitoring capabilities.
                                                                                                                                
 
                                                                                                                                This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Preparations
                                                                                                                                1. Create a cluster with one node. The node should have 2 cores of vCPUs and 4 GiB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                                  
@@ -29,7 +29,7 @@ RUN chmod a+rx index.php
 
                                                                                                                                
 
                                                                                                                              • Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                docker build -t hpa-example:latest .
                                                                                                                                
 
                                                                                                                              • (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                                                                Skip this step if you already have an organization.
                                                                                                                                
-
                                                                                                                              • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                              • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                              • Tag the hpa-example image.
                                                                                                                                docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                
+
                                                                                                                              • In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                              • Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                              • Tag the hpa-example image.
                                                                                                                                docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                
 
                                                                                                                                • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                • {Organization name}: name of the created organization.
                                                                                                                                • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                
 
                                                                                                                                The following is an example:
                                                                                                                                
 
                                                                                                                                docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                
@@ -45,9 +45,9 @@ latest: digest: sha256:eb7e3bbd*** size: **
 
                                                                                                                                • 
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Creating a Node Pool and a Node Scaling Policy
                                                                                                                                1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                2. Configure the node pool.
                                                                                                                                  • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                  • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                  
+
                                                                                                                                  Creating a Node Pool and a Node Scaling Policy
                                                                                                                                  1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                  2. Configure the node pool.
                                                                                                                                    • Node Type: Select a node type.
                                                                                                                                    • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                    
 
                                                                                                                                    Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                    
-
                                                                                                                                  3. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                    If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                    • Automatic scale-out: If this function is enabled, nodes in a node pool will be automatically added based on the cluster load.
                                                                                                                                    • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                    • Automatic scale-in: If this function is enabled, nodes in a node pool will be automatically deleted based on the cluster load. For example, trigger scale-in when the node resource utilization is less than 50%.
                                                                                                                                    • AS Configuration: Modify the node quantity range. During autoscaling, the number of nodes in a node pool is always within the configured quantity range.
                                                                                                                                    • AS Object: Enable autoscaling for node specifications in a node pool.
                                                                                                                                    
+
                                                                                                                                  4. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                    If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                    • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                    • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                    • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                  5. Click OK.
                                                                                                                                  
 
                                                                                                                                  
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                                                                  Configure the parameters as follows if you are using the console.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                Observing the Auto Scaling Process
                                                                                                                                1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                  # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -146,7 +146,7 @@ hpa-policy   Deployment/hpa-example   81%/50%    1         100       7
 hpa-policy   Deployment/hpa-example   57%/50%    1         100       7          9m16s
 hpa-policy   Deployment/hpa-example   51%/50%    1         100       7          10m
 hpa-policy   Deployment/hpa-example   58%/50%    1         100       7          11m
                                                                                                                                  
-
                                                                                                                                  You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in Pending state. During this period, nodes are added.
                                                                                                                                  
+
                                                                                                                                  You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in the pending state. During this period, nodes are being scaled out.
                                                                                                                                  
 
                                                                                                                                  At 7m16s, the CPU usage decreases, indicating that the pods are successfully created and start to bear traffic. The CPU usage decreases to 81% at 8m, still greater than the target value (50%) and the high threshold (70%). Therefore, 7 pods are added at 9m16s, and the CPU usage decreases to 51%, which is within the range of 30% to 70%. From then on, the number of pods remains 7.
                                                                                                                                  
 
                                                                                                                                  In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                  
 
                                                                                                                                  # kubectl describe deploy hpa-example
@@ -213,7 +213,7 @@ Events:
 
                                                                                                                                  The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Summary
                                                                                                                                Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                
+
                                                                                                                                Summary
                                                                                                                                By using HPA and CA, auto scaling can be effortlessly implemented in various scenarios. Additionally, the scaling process of nodes and pods can be conveniently tracked.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0302.html b/docs/cce/umn/cce_10_0302.html
index b7a5edda3..932802aed 100644
--- a/docs/cce/umn/cce_10_0302.html
+++ b/docs/cce/umn/cce_10_0302.html
@@ -5,7 +5,7 @@
 
                                                                                                                                Precautions
                                                                                                                                Before upgrading a cluster, pay attention to the following points:
                                                                                                                                
 
                                                                                                                                • Perform an upgrade during off-peak hours to minimize the impact on your services.
                                                                                                                                • Before upgrading a cluster, learn about the features and differences of each cluster version in Kubernetes Release Notes to prevent exceptions due to the use of an incompatible cluster version. For example, check whether any APIs deprecated in the target version are used in the cluster. Otherwise, calling the APIs may fail after the upgrade. For details, see Deprecated APIs.
                                                                                                                                
 
                                                                                                                                During a cluster upgrade, pay attention to the following points that may affect your services:
                                                                                                                                
-
                                                                                                                                • During a cluster upgrade, do not perform any operation on the cluster. Do not stop, restart, or delete nodes during cluster upgrade. Otherwise, the upgrade will fail.
                                                                                                                                • Before upgrading a cluster, ensure no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                                                                • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                                                                • By default, application scheduling is not restricted during a cluster upgrade. During an upgrade of the following early cluster versions, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster and removed after the cluster is upgraded:
                                                                                                                                  • All v1.15 clusters
                                                                                                                                  • All v1.17 clusters
                                                                                                                                  • v1.19 clusters with patch versions earlier than or equal to v1.19.16-r4
                                                                                                                                  • v1.21 clusters with patch versions earlier than or equal to v1.21.7-r0
                                                                                                                                  • v1.23 clusters with patch versions earlier than or equal to v1.23.5-r0
                                                                                                                                  
+
                                                                                                                                  • During a cluster upgrade, do not perform any operation on the cluster. If you stop, restart, or delete nodes while upgrading the cluster, the upgrade will fail.
                                                                                                                                  • Before upgrading a cluster, ensure no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                                                                  • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                                                                  • By default, application scheduling is not restricted during a cluster upgrade. During an upgrade of the following early cluster versions, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster and removed after the cluster is upgraded:
                                                                                                                                    • All v1.15 clusters
                                                                                                                                    • All v1.17 clusters
                                                                                                                                    • v1.19 clusters with patch versions earlier than or equal to v1.19.16-r4
                                                                                                                                    • v1.21 clusters with patch versions earlier than or equal to v1.21.7-r0
                                                                                                                                    • v1.23 clusters with patch versions earlier than or equal to v1.23.5-r0
                                                                                                                                    
 
                                                                                                                                  • Clusters of version 1.27 or later do not support nodes running EulerOS 2.5 or CentOS 7.7. If a node running EulerOS 2.5 or CentOS 7.7 is used, migrate the node OS to EulerOS release 2.9, Ubuntu 22.04, or HCE OS 2.0 before the cluster upgrade. For details, see Resetting a Node.
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                • If an error occurred during a cluster upgrade, the cluster can be rolled back using the backup data. If you perform other operations (for example, modifying cluster specifications) after a successful cluster upgrade, the cluster cannot be rolled back using the backup data.
                                                                                                                                • When clusters using the tunnel network model are upgraded to v1.19.16-r4, v1.21.7-r0, v1.23.5-r0, v1.25.1-r0, or later, the SNAT rule whose destination address is the container CIDR block but the source address is not the container CIDR block will be removed. If you have configured VPC routes to directly access all pods outside the cluster, only the pods on the corresponding nodes can be directly accessed after the upgrade.
                                                                                                                                • For more details, see Version Differences.
                                                                                                                                
@@ -172,8 +172,8 @@
 
                                                                                                                                flowcontrol.apiserver.k8s.io/v1beta3
                                                                                                                                
 
                                                                                                                                (This API has been available since v1.26.)
                                                                                                                                
 
-
                                                                                                                                • Significant changes in flowcontrol.apiserver.k8s.io/v1:
                                                                                                                                  spec.limited.assuredConcurrencyShares of PriorityLevelConfiguration has been renamed spec.limited.nominalConcurrencyShares. The default value is 30 only when it is not specified, and the explicit value 0 does not change to 30.
                                                                                                                                  
-
                                                                                                                                • Key changes in flowcontrol.apiserver.k8s.io/v1beta3:
                                                                                                                                  spec.limited.assuredConcurrencyShares of PriorityLevelConfiguration has been renamed spec.limited.nominalConcurrencyShares.
                                                                                                                                  
+
                                                                                                                                • Significant changes in flowcontrol.apiserver.k8s.io/v1:
                                                                                                                                  spec.limited.assuredConcurrencyShares of PriorityLevelConfiguration has been renamed spec.limited.nominalConcurrencyShares. The default value is 30 only when it is not specified, and the explicit value 0 does not change to 30.
                                                                                                                                  
+
                                                                                                                                • Key changes in flowcontrol.apiserver.k8s.io/v1beta3:
                                                                                                                                  spec.limited.assuredConcurrencyShares of PriorityLevelConfiguration has been renamed spec.limited.nominalConcurrencyShares.
                                                                                                                                  
 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 3 APIs deprecated in Kubernetes v1.27
                                                                                                                                Resource Name
                                                                                                                                
+
                                                                                                                                
@@ -196,7 +196,7 @@
 
@@ -206,7 +206,7 @@
 
@@ -216,7 +216,7 @@
 
@@ -225,7 +225,7 @@
 
                                                                                                                                Table 3 APIs deprecated in Kubernetes v1.27
                                                                                                                                Resource
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deprecated API Version
                                                                                                                                
 
                                                                                                                                storage.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                storage.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.24.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.24.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                flowcontrol.apiserver.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                flowcontrol.apiserver.k8s.io/v1beta3
                                                                                                                                
-
                                                                                                                                (This API is available since v1.26.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.26.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                autoscaling/v2beta2
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                autoscaling/v2
                                                                                                                                
-
                                                                                                                                (This API is available since v1.23.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.23.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 4 APIs deprecated in Kubernetes v1.25
                                                                                                                                Resource Name
                                                                                                                                
+
                                                                                                                                
@@ -240,7 +240,7 @@
 
@@ -250,7 +250,7 @@
 
@@ -282,7 +282,7 @@
 
@@ -301,7 +301,7 @@
 
-
@@ -310,7 +310,7 @@
 
                                                                                                                                Table 4 APIs deprecated in Kubernetes v1.25
                                                                                                                                Resource
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deprecated API Version
                                                                                                                                
 
                                                                                                                                batch/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                batch/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.21.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.21.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                discovery.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                discovery.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.21.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.21.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Pay attention to the following changes:
                                                                                                                                
 
                                                                                                                                • In each endpoint, the topology["kubernetes.io/hostname"] field has been deprecated. Replace it with the nodeName field.
                                                                                                                                • In each endpoint, the topology["kubernetes.io/zone"] field has been deprecated. Replace it with the zone field.
                                                                                                                                • The topology field is replaced with deprecatedTopology and cannot be written in v1.
                                                                                                                                
@@ -261,7 +261,7 @@
 
                                                                                                                                events.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                events.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.19.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.19.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Pay attention to the following changes:
                                                                                                                                
 
                                                                                                                                • The type field can only be set to Normal or Warning.
                                                                                                                                • The involvedObject field is renamed regarding.
                                                                                                                                • The action, reason, reportingController, and reportingInstance fields are mandatory for creating a new events.k8s.io/v1 event.
                                                                                                                                • Use eventTime instead of the deprecated firstTimestamp field (this field has been renamed deprecatedFirstTimestamp and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                • Use series.lastObservedTime instead of the deprecated lastTimestamp field (this field has been renamed deprecatedLastTimestamp and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                • Use series.count instead of the deprecated count field (this field has been renamed deprecatedCount and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                • Use reportingController instead of the deprecated source.component field (this field has been renamed deprecatedSource.component and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                • Use reportingInstance instead of the deprecated source.host field (this field has been renamed deprecatedSource.host and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                
@@ -272,7 +272,7 @@
 
                                                                                                                                autoscaling/v2beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                autoscaling/v2
                                                                                                                                
-
                                                                                                                                (This API is available since v1.23.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.23.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                policy/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                policy/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.21.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.21.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                If spec.selector is set to null ({}) in PodDisruptionBudget of policy/v1, all pods in the namespace are selected. (In policy/v1beta1, an empty spec.selector means that no pod will be selected.) If spec.selector is not specified, pod will be selected in neither API version.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                node.k8s.io/v1beta1
                                                                                                                                
 
                                                                                                                                node.k8s.io/v1 (This API is available since v1.20.)
                                                                                                                                
+
                                                                                                                                node.k8s.io/v1 (This API has been available since v1.20.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 5 APIs deprecated in Kubernetes v1.22
                                                                                                                                Resource Name
                                                                                                                                
+
                                                                                                                                
@@ -326,7 +326,7 @@
 
@@ -336,7 +336,7 @@
 
@@ -357,7 +357,7 @@
 
@@ -370,7 +370,7 @@
 
@@ -380,7 +380,7 @@
 
@@ -404,7 +404,7 @@
 
                                                                                                                                extensions/v1beta1
                                                                                                                                
@@ -414,7 +414,7 @@
 
@@ -427,7 +427,7 @@
 
@@ -437,7 +437,7 @@
 
@@ -458,7 +458,7 @@
 
                                                                                                                                Table 5 APIs deprecated in Kubernetes v1.22
                                                                                                                                Resource
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deprecated API Version
                                                                                                                                
 
                                                                                                                                admissionregistration.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                admissionregistration.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.16.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.16.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • The default value of webhooks[*].failurePolicy is changed from Ignore to Fail in v1.
                                                                                                                                • The default value of webhooks[*].matchPolicy is changed from Exact to Equivalent in v1.
                                                                                                                                • The default value of webhooks[*].timeoutSeconds is changed from 30s to 10s in v1.
                                                                                                                                • The default value of webhooks[*].sideEffects is deleted, and this field must be specified. In v1, the value can only be None or NoneOnDryRun.
                                                                                                                                • The default value of webhooks[*].admissionReviewVersions is deleted. In v1, this field must be specified. (AdmissionReview v1 and v1beta1 are supported.)
                                                                                                                                • webhooks[*].name must be unique in the list of objects created through admissionregistration.k8s.io/v1.
                                                                                                                                
 
                                                                                                                                apiextensions.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                apiextensions/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.16.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.16.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • The default value of spec.scope is no longer Namespaced. This field must be explicitly specified.
                                                                                                                                • spec.version is deleted from v1. Use spec.versions instead.
                                                                                                                                • spec.validation is deleted from v1. Use spec.versions[*].schema instead.
                                                                                                                                • spec.subresources is deleted from v1. Use spec.versions[*].subresources instead.
                                                                                                                                • spec.additionalPrinterColumns is deleted from v1. Use spec.versions[*].additionalPrinterColumns instead.
                                                                                                                                • spec.conversion.webhookClientConfig is moved to spec.conversion.webhook.clientConfig in v1.
                                                                                                                                • spec.conversion.conversionReviewVersions is moved to spec.conversion.webhook.conversionReviewVersions in v1.
                                                                                                                                
 
                                                                                                                                • spec.versions[*].schema.openAPIV3Schema becomes a mandatory field when the CustomResourceDefinition object of the v1 version is created, and its value must be a structural schema.
                                                                                                                                • spec.preserveUnknownFields: true cannot be specified when the CustomResourceDefinition object of the v1 version is created. This configuration must be specified using x-kubernetes-preserve-unknown-fields: true in the schema definition.
                                                                                                                                • In v1, the JSONPath field in the additionalPrinterColumns entry is renamed jsonPath (patch #66531).
                                                                                                                                
@@ -347,7 +347,7 @@
 
                                                                                                                                apiregistration/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                apiregistration.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.10.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.10.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                authentication.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                authentication.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.6.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.6.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                authorization.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                authorization.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.16.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.16.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                spec.group was renamed spec.groups in v1 (patch #32709).
                                                                                                                                
 
                                                                                                                                certificates.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                certificates.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.19.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.19.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Pay attention to the following changes in certificates.k8s.io/v1:
                                                                                                                                • For an API client that requests a certificate:
                                                                                                                                  • spec.signerName becomes a mandatory field (see Known Kubernetes Signers). In addition, the certificates.k8s.io/v1 API cannot be used to create requests whose signer is kubernetes.io/legacy-unknown.
                                                                                                                                  • spec.usages now becomes a mandatory field, which cannot contain duplicate string values and can contain only known usage strings.
                                                                                                                                  
 
                                                                                                                                • For an API client that needs to approve or sign a certificate:
                                                                                                                                  • status.conditions cannot contain duplicate types.
                                                                                                                                  • The status.conditions[*].status field is now mandatory.
                                                                                                                                  • The status.certificate must be PEM-encoded and can contain only the CERTIFICATE data block.
                                                                                                                                  
@@ -393,7 +393,7 @@
 
                                                                                                                                coordination.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                coordination.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.14.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.14.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                networking.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.19.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.19.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • The spec.backend field is renamed spec.defaultBackend.
                                                                                                                                • The serviceName field of the backend is renamed service.name.
                                                                                                                                • The backend servicePort field represented by a number is renamed service.port.number.
                                                                                                                                • The backend servicePort field represented by a string is renamed service.port.name.
                                                                                                                                • The pathType field is mandatory for all paths to be specified. The options are Prefix, Exact, and ImplementationSpecific. To match the behavior of not defining the path type in v1beta1, use ImplementationSpecific.
                                                                                                                                
 
                                                                                                                                networking.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                networking.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.19.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.19.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                rbac.authorization.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                rbac.authorization.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.8.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.8.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                scheduling.k8s.io/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                scheduling.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.14.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.14.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                
-
@@ -39,15 +42,15 @@
 
-
-
-
@@ -73,14 +76,14 @@
 
-
-
-
-
                                                                                                                                Table 6 APIs deprecated in Kubernetes v1.16
                                                                                                                                Resource Name
                                                                                                                                
+
                                                                                                                                
@@ -473,7 +473,7 @@
 
@@ -484,7 +484,7 @@
 
                                                                                                                                apps/v1beta2
                                                                                                                                
@@ -496,7 +496,7 @@
 
                                                                                                                                apps/v1beta2
                                                                                                                                
@@ -507,7 +507,7 @@
 
                                                                                                                                apps/v1beta2
                                                                                                                                
@@ -519,7 +519,7 @@
 
                                                                                                                                apps/v1beta2
                                                                                                                                
@@ -529,7 +529,7 @@
 
diff --git a/docs/cce/umn/cce_10_0307.html b/docs/cce/umn/cce_10_0307.html
index fcb6d9bad..0b46add07 100644
--- a/docs/cce/umn/cce_10_0307.html
+++ b/docs/cce/umn/cce_10_0307.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                Overview
                                                                                                                                Container Storage
                                                                                                                                CCE container storage is implemented based on Kubernetes container storage APIs (CSI). CCE integrates multiple types of cloud storage and covers different application scenarios. CCE is fully compatible with Kubernetes native storage services, such as emptyDir, hostPath, secret, and ConfigMap.
                                                                                                                                
-
                                                                                                                                Figure 1 Container storage types
                                                                                                                                
+
                                                                                                                                Figure 1 Container storage types
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                CCE allows workload pods to use multiple types of storage:
                                                                                                                                
 
                                                                                                                                • In terms of implementation, storage supports Container Storage Interface (CSI) and Kubernetes native storage.
@@ -100,7 +100,7 @@
 
                                                                                                                                
-
diff --git a/docs/cce/umn/cce_10_0336.html b/docs/cce/umn/cce_10_0336.html
index 4b6bf8cb7..236816156 100644
--- a/docs/cce/umn/cce_10_0336.html
+++ b/docs/cce/umn/cce_10_0336.html
@@ -1,19 +1,19 @@
 
                                                                                                                                Using a Custom Access Key (AK/SK) to Mount an OBS Volume
                                                                                                                                
-
                                                                                                                                Scenario
                                                                                                                                CCE Container Storage (Everest) of version 1.2.8 or later supports custom access keys. In this way, IAM users can use their own custom access keys to mount an OBS volume. 
                                                                                                                                
+
                                                                                                                                Scenario
                                                                                                                                CCE Container Storage (Everest) of v1.2.8 or later supports custom access keys. In this way, IAM users can use their own custom access keys to mount an OBS volume. 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Prerequisites
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                • When an OBS volume is mounted using a custom access key (AK/SK), the access key cannot be deleted or disabled. Otherwise, the service container cannot access the mounted OBS volume.
                                                                                                                                • Custom access keys cannot be configured for Kata containers.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Disabling Auto Key Mounting
                                                                                                                                The key you uploaded is used by default when mounting an OBS volume. That is, all IAM users under your account will use the same key to mount OBS buckets, and they have the same permissions on buckets. This setting does not allow you to configure differentiated permissions for different IAM users.
                                                                                                                                
+
                                                                                                                                Disabling Auto Key Mounting
                                                                                                                                On the earlier version's console, you need to upload the AK/SK, which is then used by default for mounting an OBS volume. As a result, all IAM users within your account will use the same key to mount OBS buckets, and they will have identical permissions on the buckets. However, this setting does not allow you to set different permissions for individual IAM users.
                                                                                                                                
 
                                                                                                                                If you have uploaded the AK/SK, disable the automatic mounting of access keys by enabling the disable_auto_mount_secret parameter in the Everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when creating OBS volumes.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                • When enabling disable-auto-mount-secret, ensure that no OBS volume exists in the cluster. A workload mounted with an OBS volume, when scaled or restarted, will fail to remount the OBS volume because it needs to specify the access key but is prohibited by disable-auto-mount-secret.
                                                                                                                                • If disable-auto-mount-secret is set to true, an access key must be specified when a PV or PVC is created. Otherwise, the OBS volume fails to be mounted.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                kubectl edit ds everest-csi-driver -nkube-system
                                                                                                                                
 
                                                                                                                                Search for disable-auto-mount-secret and set it to true.
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                Run :wq to save the settings and exit. Wait until the pod is restarted.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Obtaining an Access Key
                                                                                                                                1. Log in to the console.
                                                                                                                                2. Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                                                                3. In the navigation pane, choose Access Keys.
                                                                                                                                4. Click Create Access Key. The Create Access Key dialog box is displayed.
                                                                                                                                5. Click OK to download the access key.
                                                                                                                                
@@ -226,7 +226,7 @@ spec:
 
                                                                                                                                touch: setting times of '/temp/test': No such file or directory
 command terminated with exit code 1
                                                                                                                                
 
                                                                                                                              • Set the read/write permissions for the IAM user who mounted the OBS volume by referring to the bucket policy configuration.
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                              • Write data into the mount path again. In this example, the write operation succeeded.
                                                                                                                                kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                                                                
 
                                                                                                                              • Check the mount path in the container to see whether the data is successfully written.
                                                                                                                                kubectl exec obs-secret-5cd558f76f-vxslv -- ls -l /temp/
                                                                                                                                
 
                                                                                                                                Expected outputs:
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0337.html b/docs/cce/umn/cce_10_0337.html
index 4588c23f3..d88642428 100644
--- a/docs/cce/umn/cce_10_0337.html
+++ b/docs/cce/umn/cce_10_0337.html
@@ -67,7 +67,7 @@
 
 
                                                                                                                                • Table 6 APIs deprecated in Kubernetes v1.16
                                                                                                                                Resource
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deprecated API Version
                                                                                                                                
 
                                                                                                                                extensions/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                networking.k8s.io/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.8.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.8.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                apps/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.9.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.9.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • The spec.templateGeneration field is deleted.
                                                                                                                                • spec.selector is now a mandatory field and cannot be changed after the object is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                • The default value of spec.updateStrategy.type is changed to RollingUpdate (the default value in the extensions/v1beta1 API version is OnDelete).
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                apps/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.9.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.9.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • The spec.rollbackTo field is deleted.
                                                                                                                                • spec.selector is now a mandatory field and cannot be changed after the Deployment is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                • The default value of spec.progressDeadlineSeconds is changed to 600 seconds (the default value in extensions/v1beta1 is unlimited).
                                                                                                                                • The default value of spec.revisionHistoryLimit is changed to 10. (In the apps/v1beta1 API version, the default value of this field is 2. In the extensions/v1beta1 API version, all historical records are retained by default.)
                                                                                                                                • The default values of maxSurge and maxUnavailable are changed to 25%. (In the extensions/v1beta1 API version, these fields default to 1.)
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                apps/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.9.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.9.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                • spec.selector is now a mandatory field and cannot be changed after the StatefulSet is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                • The default value of spec.updateStrategy.type is changed to RollingUpdate (the default value in the apps/v1beta1 API version is OnDelete).
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                apps/v1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.9.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.9.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                spec.selector is now a mandatory field and cannot be changed after the object is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                
 
                                                                                                                                extensions/v1beta1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                policy/v1beta1
                                                                                                                                
-
                                                                                                                                (This API is available since v1.10.)
                                                                                                                                
+
                                                                                                                                (This API has been available since v1.10.)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                PodSecurityPolicy for the policy/v1beta1 API version will be removed in v1.25.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Access mode
                                                                                                                                
 
                                                                                                                                Accessible only after being attached to ECSs and initialized.
                                                                                                                                
+
                                                                                                                                Accessible only after being mounted to ECSs and initialized.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Mounted to ECSs using network protocols. A network address must be specified or mapped to a local directory for access.
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                                
+
                                                                                                                                You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                                
 
 
                                                                                                                                Configuring Mount Options in a PV
                                                                                                                                You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                                                                
 
                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                2. Configure mount options in a PV. Example:
                                                                                                                                  apiVersion: v1
@@ -116,7 +116,7 @@ parameters:
   csi.storage.k8s.io/csi-driver-name: nas.csi.everest.io
   csi.storage.k8s.io/fstype: nfs
 everest.io/share-access-to: <your_vpc_id> # VPC ID of the cluster
- reclaimPolicy: Delete
+reclaimPolicy: Delete
 volumeBindingMode: Immediate
 mountOptions:                            # Mount options
 - vers=3
diff --git a/docs/cce/umn/cce_10_0338.html b/docs/cce/umn/cce_10_0338.html
index d8fa00f72..4d6d5c1d0 100644
--- a/docs/cce/umn/cce_10_0338.html
+++ b/docs/cce/umn/cce_10_0338.html
@@ -7,7 +7,7 @@
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                • If the OS fails to be re-installed after the node is removed, manually re-install the OS. After the re-installation, log in to the node and run the clearance script to clear CCE components. For details, see Handling Failed OS Reinstallation.
                                                                                                                                • Removing a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Precautions
                                                                                                                                • Removing a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                                                                                                                • Unexpected risks may occur during the operation. Back up data beforehand.
                                                                                                                                • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                                                                                                • After you remove the node and re-install the OS, the original LVM partitions will be cleared and the data managed by LVM will be cleared. Therefore, back up data in advance.
                                                                                                                                
+
                                                                                                                                Precautions
                                                                                                                                • When you remove a node, the pods running on it will need to migrate to another node, which could potentially impact your services. To avoid any disruptions, drain the node so that pods can be gracefully evicted to other available nodes. Additionally, perform this task during off-peak hours.
                                                                                                                                • Unexpected risks may occur during the operation. Back up data beforehand.
                                                                                                                                • When a node is removed, the backend will make it unschedulable.
                                                                                                                                • After you remove the node and re-install the OS, the original LVM partitions will be cleared and the data managed by LVM will be cleared. Therefore, back up data in advance.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Procedure
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                3. Locate the target node and choose More > Remove in the Operation column.
                                                                                                                                4. In the dialog box displayed, configure the login information required for re-installing the OS and click Yes. Wait until the node is removed.
                                                                                                                                  After the node is removed, workload pods on the node are automatically migrated to other available nodes.
                                                                                                                                  
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0341.html b/docs/cce/umn/cce_10_0341.html
index b58b0bb12..164d7dd23 100644
--- a/docs/cce/umn/cce_10_0341.html
+++ b/docs/cce/umn/cce_10_0341.html
@@ -1,9 +1,12 @@
 
 
-
                                                                                                                                Data Disk Space Allocation
                                                                                                                                
+
                                                                                                                                Space Allocation of a Data Disk
                                                                                                                                
 
                                                                                                                                This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.
                                                                                                                                
-
                                                                                                                                Allocating Data Disk Space
                                                                                                                                When creating a node, configure data disks for the node. You can also click Expand and customize the data disk space allocation for the node.
                                                                                                                                
-
                                                                                                                                • Space Allocation for Container Engines
                                                                                                                                  • Specified disk space: CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running.
                                                                                                                                    • Container engine and container image space (90% by default): stores the container runtime working directories, container image data, and image metadata.
                                                                                                                                    • kubelet and emptyDir space (10% by default): stores pod configuration files, secrets, and mounted storage such as emptyDir volumes.
                                                                                                                                    
+
                                                                                                                                    Allocating Default Data Disk Space
                                                                                                                                     
                                                                                                                                    • In clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0, a default data disk will be added to the node its container runtime and kubelet components. You can customize the space allocation of the default data disk.
                                                                                                                                    • In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, a default data disk will be added to the node for its container runtime and kubelet components only if System Component Storage is set to Data Disk. You can customize the space allocation of the default data disk.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    When creating a node, you can customize Data Disk Space Allocation in the expanded area of Data Disk.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    • Space Allocation for Container Engines
                                                                                                                                      • Specified disk space: CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container image data, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running.
                                                                                                                                        • Container engine and container image space (90% by default): stores the container runtime working directories, container image data, and image metadata.
                                                                                                                                        • kubelet and emptyDir space (10% by default): stores pod configuration files, secrets, and mounted storage such as emptyDir volumes.
                                                                                                                                        
 
                                                                                                                                         
                                                                                                                                        If the sum of the container engine and container image space and the kubelet and emptyDir space is less than 100%, the remaining space will be allocated for user data. You can mount the storage volume to a service path. Do not leave the path empty or set it to a key OS path such as the root directory.
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                      
@@ -14,15 +17,15 @@
 
                                                                                                                                      • Rootfs (Device Mapper)
                                                                                                                                        By default, the container engine and image space, occupying 90% of the data disk, can be divided into the following two parts:
                                                                                                                                        • The /var/lib/docker directory is used as the Docker working directory and occupies 20% of the container engine and container image space by default. (Space size of the /var/lib/docker directory = Data disk space x 90% x 20%)
                                                                                                                                        • The thin pool is used to store container image data, image metadata, and container data, and occupies 80% of the container engine and container image space by default. (Thin pool space = Data disk space x 90% x 80%)
                                                                                                                                          The thin pool is dynamically mounted. You can view it by running the lsblk command on a node, but not the df -h command.
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Figure 1 Space allocation for container engines of Device Mapper
                                                                                                                                        
+
                                                                                                                                        Figure 1 Space allocation for container engines of Device Mapper
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                      • Rootfs (OverlayFS)
                                                                                                                                        No separate thin pool. The entire container engine and container image space (90% of the data disk by default) are in the /var/lib/docker directory.
                                                                                                                                        
-
                                                                                                                                        Figure 2 Space allocation for container engines of OverlayFS
                                                                                                                                        
+
                                                                                                                                        Figure 2 Space allocation for container engines of OverlayFS
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                    Space Allocation for Pods
                                                                                                                                    The customized pod container space (basesize) is related to the node OS and container storage Rootfs. For details about the container storage Rootfs, see Mapping Between OS and Container Storage Rootfs.
                                                                                                                                    
 
                                                                                                                                    • Device Mapper supports custom pod basesize. The default value is 10 GiB.
                                                                                                                                    • In OverlayFS mode, the pod container space is not limited by default.
                                                                                                                                    
-
                                                                                                                                    When configuring basesize, you need to consider the maximum number of pods during node creation. The container engine space should be greater than the total disk space used by containers. Formula: Container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                                                                    
+
                                                                                                                                    When configuring basesize, consider the maximum number of pods allowed on one node. The container engine space should be greater than the total disk space used by containers. Formula: Container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                                                                    
 
                                                                                                                                    For nodes that support basesize, when Device Mapper is used, although you can limit the size of the /home directory of a single container (to 10 GiB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                    
 
                                                                                                                                    In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GiB, the thin pool space occupied by files keeps increasing until 10 GiB when files are created in the container. The space released after file deletion will be reused but after a while. If the number of containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                    
 
                                                                                                                                    
@@ -31,7 +34,7 @@
 
                                                                                                                                		
 
                                                                                                                                Container Storage Rootfs
                                                                                                                                
 
                                                                                                                                Customized Basesize
                                                                                                                                
+
                                                                                                                                Custom Basesize
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
                                                                                                                                OverlayFS
                                                                                                                                
 
                                                                                                                                Supported by clusters of v1.19.16, v1.21.3, v1.23.3, or later. Both Docker and containerd are supported. There are no limits by default.
                                                                                                                                
-
                                                                                                                                Not supported if the cluster versions are earlier than v1.19.16, v1.21.3, or v1.23.3.
                                                                                                                                
+
                                                                                                                                Supported by Docker clusters of v1.19.16-r0, v1.21.3-r0, v1.23.3-r0, or later. There are no limits by default.
                                                                                                                                
+
                                                                                                                                Not supported by clusters of a version earlier than v1.19.16-r0, v1.21.3-r0, or v1.23.3-r0.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Ubuntu 22.04
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                OverlayFS
                                                                                                                                
 
                                                                                                                                Not supported.
                                                                                                                                
+
                                                                                                                                Not supported
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                HCE OS 2.0
                                                                                                                                
@@ -65,7 +68,7 @@
 
 
                                                                                                                                Container Storage Rootfs
                                                                                                                                
 
                                                                                                                                Customized Basesize
                                                                                                                                
+
                                                                                                                                Custom Basesize
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
 
                                                                                                                                OverlayFS
                                                                                                                                
 
                                                                                                                                Not supported.
                                                                                                                                
+
                                                                                                                                Not supported
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                EulerOS 2.9
                                                                                                                                
 
                                                                                                                                ECS VMs use OverlayFS.
                                                                                                                                
+
                                                                                                                                OverlayFS
                                                                                                                                
 
                                                                                                                                Supported only when Rootfs is set to OverlayFS and the container engine is Docker. There are no limits by default. 
                                                                                                                                
+
                                                                                                                                Supported when Rootfs is set to OverlayFS and the runtime is Docker. There are no limits by default. 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                HCE OS 2.0
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0342.html b/docs/cce/umn/cce_10_0342.html
index aa660d9f3..871ba54ae 100644
--- a/docs/cce/umn/cce_10_0342.html
+++ b/docs/cce/umn/cce_10_0342.html
@@ -3,71 +3,71 @@
 
                                                                                                                                Comparison Between Cluster Types
                                                                                                                                
 
                                                                                                                                Comparison
                                                                                                                                CCE provides different types of clusters for you to select. The following table lists the differences between them.
                                                                                                                                
 
-
                                                                                                                                Category
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0348.html b/docs/cce/umn/cce_10_0348.html
index 81fe3ad1a..4fa62f6f8 100644
--- a/docs/cce/umn/cce_10_0348.html
+++ b/docs/cce/umn/cce_10_0348.html
@@ -5,39 +5,39 @@
 
 
                                                                                                                                Category
                                                                                                                                
 
                                                                                                                                Subcategory
                                                                                                                                
+
                                                                                                                                Subcategory
                                                                                                                                
 
                                                                                                                                CCE Standard
                                                                                                                                
+
                                                                                                                                CCE Standard
                                                                                                                                
 
                                                                                                                                CCE Turbo
                                                                                                                                
+
                                                                                                                                CCE Turbo
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Positioning
                                                                                                                                
+
                                                                                                                                Positioning
                                                                                                                                
 
                                                                                                                                -
                                                                                                                                
+
                                                                                                                                -
                                                                                                                                
 
                                                                                                                                Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                
+
                                                                                                                                Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                
 
                                                                                                                                Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                
+
                                                                                                                                Next-generation clusters designed for Cloud Native 2.0, with accelerated compute, networking, and scheduling
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Application scenario
                                                                                                                                
+
                                                                                                                                Application scenario
                                                                                                                                
 
                                                                                                                                -
                                                                                                                                
+
                                                                                                                                -
                                                                                                                                
 
                                                                                                                                For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                                                                
+
                                                                                                                                For users who expect to use container clusters to manage applications, obtain elastic compute resources, and enable simplified management on compute, network, and storage resources
                                                                                                                                
 
                                                                                                                                For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                
+
                                                                                                                                For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Specification difference
                                                                                                                                
+
                                                                                                                                Specification difference
                                                                                                                                
 
                                                                                                                                Network model
                                                                                                                                
+
                                                                                                                                Network model
                                                                                                                                
 
                                                                                                                                Cloud native 1.0 network: applies to common, smaller-scale scenarios.
                                                                                                                                
-
                                                                                                                                • Tunnel network
                                                                                                                                • Virtual Private Cloud (VPC) network
                                                                                                                                
+
                                                                                                                                Cloud native 1.0 networks: for scenarios where requirements on performance are not high and there are not so many containers
                                                                                                                                
+
                                                                                                                                • Tunnel network
                                                                                                                                • Virtual Private Cloud (VPC) network
                                                                                                                                
 
                                                                                                                                Cloud Native 2.0 network: applies to large-scale and high-performance scenarios.
                                                                                                                                
-
                                                                                                                                Max networking scale: 2,000 nodes
                                                                                                                                
+
                                                                                                                                Cloud Native 2.0 networks: for scenarios where requirements on performance are high and there are many containers
                                                                                                                                
+
                                                                                                                                Max networking scale: 2,000 nodes
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Network performance
                                                                                                                                
+
                                                                                                                                Network performance
                                                                                                                                
 
                                                                                                                                Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                
+
                                                                                                                                The container network is overlaid with the VPC network, causing certain performance loss.
                                                                                                                                
 
                                                                                                                                Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                
+
                                                                                                                                The VPC network and container network are flattened into one for zero performance loss.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Network isolation
                                                                                                                                
+
                                                                                                                                Network isolation
                                                                                                                                
 
                                                                                                                                • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                • VPC network model: supports no isolation.
                                                                                                                                
+
                                                                                                                                • Tunnel network model: network policies supported for communications within a cluster
                                                                                                                                • VPC network model: isolation not supported
                                                                                                                                
 
                                                                                                                                Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                
+
                                                                                                                                Pods can be associated with security groups for isolation. This isolation policy, based on security groups, ensures consistent security isolation both within and outside of a cluster.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Security isolation
                                                                                                                                
+
                                                                                                                                Security isolation
                                                                                                                                
 
                                                                                                                                Runs common containers, isolated by cgroups.
                                                                                                                                
+
                                                                                                                                cgroups are used to isolate common containers.
                                                                                                                                
 
                                                                                                                                • Physical machine: runs secure containers, allowing VM-level isolation.
                                                                                                                                • Runs common containers, isolated by cgroups.
                                                                                                                                
+
                                                                                                                                • VM-level isolation is supported for secure containers that run only on physical machines.
                                                                                                                                • cgroups are used to isolate common containers.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Edge infrastructure management
                                                                                                                                
+
                                                                                                                                Edge infrastructure management
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                Not supported
                                                                                                                                
 
                                                                                                                                Supports management of Intelligent EdgeSite (IES).
                                                                                                                                
+
                                                                                                                                Management of CloudPond edge sites
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
                                                                                                                                Network Model
                                                                                                                                
 
                                                                                                                                Calculation of the Maximum Number of Pods That Can Be Created on a Node
                                                                                                                                
+
                                                                                                                                Maximum Number of Pods on a Node
                                                                                                                                
 
                                                                                                                                Suggestions
                                                                                                                                
+
                                                                                                                                Recommended Configuration
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Container tunnel network
                                                                                                                                
+
                                                                                                                                Tunnel network
                                                                                                                                
 
                                                                                                                                Depends on maximum number of pods on a node.
                                                                                                                                
+
                                                                                                                                Maximum number of pods on a node
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                VPC network
                                                                                                                                
+
                                                                                                                                VPC network
                                                                                                                                
 
                                                                                                                                Depends on the smaller value between the maximum number of pods on a node and the number of container IP addresses that can be allocated on a node.
                                                                                                                                
+
                                                                                                                                The smaller value between the maximum number of pods on a node and the number of container IP addresses that can be allocated on a node
                                                                                                                                
 
                                                                                                                                To ensure proper functioning of new pods on a node, it is recommended that you limit maximum number of pods on the node to the number of container IP addresses that can be allocated on the node. If the number of container IP addresses on the node is insufficient, new pods may not run properly.
                                                                                                                                
+
                                                                                                                                To ensure new pods run smoothly on a node, make sure that the number of pods on the node does not exceed the number of container IP addresses that can be assigned to it. If there are not enough container IP addresses available on the node, the new pods may not function properly.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Cloud Native 2.0 network (for CCE Turbo clusters)
                                                                                                                                
+
                                                                                                                                Cloud Native Network 2.0 (for CCE Turbo clusters)
                                                                                                                                
 
                                                                                                                                Depends on the smaller value between maximum number of pods on a node and the number of ENIs on a node in a CCE Turbo cluster.
                                                                                                                                
+
                                                                                                                                The smaller value between the maximum number of pods on a node and the number of ENIs on a node in a CCE Turbo cluster
                                                                                                                                
 
                                                                                                                                To ensure proper functioning of new pods on a node, it is recommended that you limit the maximum number of pods on the node to the number of ENIs available on it. If the available ENIs on the node are insufficient, new pods may not run properly.
                                                                                                                                
+
                                                                                                                                To ensure new pods run smoothly on a node, make sure that the number of pods on the node does not exceed the number of ENIs on it. If there are not enough ENIs available on the node, the new pods may not function properly.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Number of Container IP Addresses That Can Be Allocated on a Node
                                                                                                                                When creating a cluster using a VPC network, you need to configure the number of container IP addresses that can be allocated on each node (that is, the alpha.cce/fixPoolMask parameter) based on the allocation rules. For details about the VPC network's IP address allocation rules, see Container IP Address Management.
                                                                                                                                
-
                                                                                                                                This parameter affects the maximum number of pods that can be created on a node. When container network is used, an IP address is allocated to every pod. If the container IP addresses pre-allocated on the node are insufficient, pods cannot be created. If pods use the host network (hostNetwork: true configured in the YAML file), the pods do not occupy the allocatable container IP addresses. For details, see Pod IP Address Allocation Differences Between the Container Network and Host Network.
                                                                                                                                
+
                                                                                                                                Number of Allocatable Container IP Addresses on a Node
                                                                                                                                When creating a cluster in the VPC network model, specify the number of container IP addresses that can be allocated on each node using alpha.cce/fixPoolMask based on the rules for managing container IP addresses.
                                                                                                                                
+
                                                                                                                                The maximum number of pods that can be created on a node is determined by the number of container IP addresses that can be allocated to it. In a container network, each pod needs its own IP address. If there are not enough pre-allocated container IP addresses on the node, pods cannot be created. If hostNetwork: true is configured in the YAML file, pods will use the host network instead of the allocatable container IP addresses. For details, see Pod IP Address Allocation Differences Between the Container Network and Host Network.
                                                                                                                                
 
                                                                                                                                By default, a node occupies three container IP addresses (network address, gateway address, and broadcast address). Therefore, the number of container IP addresses that can be allocated to a node equals the number of selected container IP addresses minus 3. 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Maximum Number of Pods on a Node
                                                                                                                                When creating a node, you can configure the maximum number of pods (maxPods) that can be created on the node. This parameter is a configuration item of kubelet and determines the maximum number of pods that can be created by kubelet.
                                                                                                                                
@@ -81,10 +81,10 @@
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Number of Node ENIs (CCE Turbo Clusters)
                                                                                                                                In a CCE Turbo cluster, ECS nodes use sub-ENIs. The maximum number of pods that can be created on a node depends on the number of ENIs that can be used by the node.
                                                                                                                                
+
                                                                                                                                Number of Node ENIs (Available Only in CCE Turbo Clusters)
                                                                                                                                In a CCE Turbo cluster, ECS nodes use sub-ENIs. The maximum number of pods that can be created on a node depends on the number of ENIs that can be used by the node.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Pod IP Address Allocation Differences Between the Container Network and Host Network
                                                                                                                                When creating a pod, you can select the container network or host network for the pod.
                                                                                                                                
-
                                                                                                                                • Container network (default): Each pod is assigned an IP address by the cluster networking add-ons, which occupies the IP addresses of the container network.
                                                                                                                                • Host network: The pod uses the host network (hostNetwork: true needs to be configured for the pod) and occupies the host port. The pod IP address is the host IP address. The pod does not occupy the IP addresses of the container network. To use the host network, you must confirm whether the container ports conflict with the host ports. Do not use the host network unless a specific application must use a specific port on the host.
                                                                                                                                
+
                                                                                                                                • Container network (default): Each pod is assigned an IP address by the cluster networking add-ons, which occupies the IP addresses of the container network.
                                                                                                                                • Host network: Pods with hostNetwork: true configured directly use the network of the host.  After the configuration, the pods use the ports on the host and their IP address is identical to that of the host, without relying on the IP addresses of the container network. When using a host network, avoid conflicts between the pod ports and service ports on the host. Use a host network only if a particular application requires access to a specific port on the host.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0351.html b/docs/cce/umn/cce_10_0351.html
index 1516c3727..79b7c4f8b 100644
--- a/docs/cce/umn/cce_10_0351.html
+++ b/docs/cce/umn/cce_10_0351.html
@@ -1,21 +1,25 @@
 
 
 
                                                                                                                                CPU Policy
                                                                                                                                
-
                                                                                                                                Scenarios
                                                                                                                                By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                                                                
+
                                                                                                                                Application Scenarios
                                                                                                                                By default, kubelet uses CFS quotas to enforce pod CPU limits. When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                                                                
 
                                                                                                                                • CPU throttling
                                                                                                                                • Context switching
                                                                                                                                • Processor cache misses
                                                                                                                                • Cross-socket memory access
                                                                                                                                • Hyperthreads that are expected to run on the same physical CPU card
                                                                                                                                
-
                                                                                                                                If your workloads are sensitive to any of these items and CPU cache affinity and scheduling latency significantly affect workload performance, kubelet allows alternative CPU management policies (CPU binding) to determine some placement preferences on the node. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                                                                                
+
                                                                                                                                If your workloads are sensitive to any of these items, you can use Kubernetes CPU management policies to allocate dedicated CPU cores (through CPU core binding) to these workloads. This will shorten scheduling latency and improve application performance. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                                                                                
+
                                                                                                                                A CPU management policy is specified by using kubelet --cpu-manager-policy. By default, Kubernetes supports the following policies:
                                                                                                                                
+
                                                                                                                                • none: the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                                                                                • static: The static policy allows containers in guaranteed pods with integer CPU requests to be use dedicated CPU resources on nodes through CPU core binding.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Enabling the CPU Management Policy
                                                                                                                                A CPU management policy is specified by the kubelet flag --cpu-manager-policy. By default, Kubernetes supports the following policies:
                                                                                                                                
-
                                                                                                                                • Disabled (none): the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                                                                                • Enabled (static): The static policy allows containers in guaranteed pods with integer GPU requests to be granted increased CPU affinity and exclusivity on the node.
                                                                                                                                
-
                                                                                                                                When creating a cluster, you can configure the CPU management policy in Advanced Settings.
                                                                                                                                
+
                                                                                                                                Enabling CPU Management for the Default Node Pool
                                                                                                                                When creating a cluster, you can enable CPU management in Advanced Settings.
                                                                                                                                
+
                                                                                                                                • If this function is enabled, the static Kubernetes policy is used, where CPU core binding is used.
                                                                                                                                • If this function is disabled, the none Kubernetes policy is used, where CPU core binding is not used.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                You can also configure the policy in a node pool. The configuration will change the kubelet flag --cpu-manager-policy on the node. Log in to the CCE console, click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, click the Node Pools tab. Choose More > Manage in the Operation column of the target node pool, and change the value of cpu-manager-policy to static.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Enabling CPU Management for a Custom Node Pool
                                                                                                                                You can configure a CPU management policy in a custom node pool. After the configuration, the kubelet parameter --cpu-manager-policy will be automatically modified on the node in the node pool.
                                                                                                                                
+
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. Choose Nodes in the navigation pane and click the Node Pools tab on the right. Locate the target node pool and choose More > Manage.
                                                                                                                                3. On the Manage Configurations page, change the cpu-manager-policy value to static in the kubelet area.
                                                                                                                                  
+
                                                                                                                                4. Click OK.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Allowing Pods to Exclusively Use the CPU Resources
                                                                                                                                Prerequisites:
                                                                                                                                
-
                                                                                                                                • Enable the static policy on the node. For details, see Enabling the CPU Management Policy.
                                                                                                                                • Both requests and limits must be configured in pods and their values must be the same integer.
                                                                                                                                • If an init container needs to exclusively use CPUs, set its requests to the same as that of the service container. Otherwise, the service container does not inherit the CPU allocation result of the init container, and the CPU manager reserves more CPU resources than supposed. For more information, see App Containers can't inherit Init Containers CPUs - CPU Manager Static Policy.
                                                                                                                                
-
                                                                                                                                You can use Scheduling Policies (Affinity/Anti-affinity) to schedule the configured pods to the nodes where the static policy is enabled. In this way, the pods can exclusively use the CPU resources.
                                                                                                                                
+
+
                                                                                                                                You can use node affinity scheduling to schedule the configured pods to the nodes where the static policy is enabled. In this way, the pods can exclusively use the CPU resources.
                                                                                                                                
 
                                                                                                                                Example YAML:
                                                                                                                                kind: Deployment
 apiVersion: apps/v1
 metadata:
@@ -44,6 +48,13 @@ spec:
         - name: default-secret
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
+
                                                                                                                                Verification
                                                                                                                                Take a node with 8 vCPUs and 16 GiB of memory as an example. Deploy a workload whose CPU request and limit are both 2 on the node beforehand.
                                                                                                                                
+
                                                                                                                                Log in to the node where the workload is running and check the /var/lib/kubelet/cpu_manager_state output.
                                                                                                                                cat /var/lib/kubelet/cpu_manager_state
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                The command output is as follows:
                                                                                                                                
+
                                                                                                                                {"policyName":"static","defaultCpuSet":"0-1,4-7","entries":{"de14506d-0408-411f-bbb9-822866b58ae2":{"container-1":"2-3"}},"checksum":3744493798}
                                                                                                                                
+
                                                                                                                                • If the policyName is static, the policy has been configured.
                                                                                                                                • Value 2-3 indicates the set of CPUs that can be used by containers in the pod.
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0355.html b/docs/cce/umn/cce_10_0355.html
index 0a353f0fa..37ec0d3d1 100644
--- a/docs/cce/umn/cce_10_0355.html
+++ b/docs/cce/umn/cce_10_0355.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                Configuring Passthrough Networking for a LoadBalancer Service
                                                                                                                                
-
                                                                                                                                Background
                                                                                                                                A Kubernetes cluster can publish applications running on a group of pods as Services, which provide unified layer-4 access entries. For a Loadbalancer Service, kube-proxy configures the LoadbalanceIP in status of the Service to the local forwarding rule of the node by default. When a pod accesses the load balancer from within the cluster, the traffic is forwarded within the cluster instead of being forwarded by the load balancer.
                                                                                                                                
-
                                                                                                                                kube-proxy is responsible for intra-cluster forwarding. kube-proxy has two forwarding modes: iptables and IPVS. iptables is a simple polling forwarding mode. IPVS has multiple forwarding modes but it requires modifying the startup parameters of kube-proxy. Compared with iptables and IPVS, load balancers provide more flexible forwarding policies as well as health check capabilities.
                                                                                                                                
+
                                                                                                                                Application Scenarios
                                                                                                                                kube-proxy, which is responsible for forwarding intra-cluster traffic, adds the IP addresses of load balancers associated with the LoadBalancer Services to nodes' local forwarding rules by default. When a client from within a cluster accesses the IP address of a load balancer, the traffic is directly forwarded to the destination instead of being forwarded by the load balancer.
                                                                                                                                
+
                                                                                                                                If node-level affinity is configured for a Service (with externalTrafficPolicy set to Local), the Service will forward traffic only to pods on the node that run these pods. When a node or pod accesses another pod in the same cluster, if the node where the client runs does not have the corresponding backend pod, the access may fail.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Solution
                                                                                                                                CCE supports passthrough networking. You can configure the annotation of kubernetes.io/elb.pass-through for the Loadbalancer Service. Intra-cluster access to the Service load balancer address is then forwarded to backend pods by the load balancer.
                                                                                                                                
-
                                                                                                                                Figure 1 Passthrough networking illustration
                                                                                                                                
+
                                                                                                                                Solution
                                                                                                                                CCE supports passthrough networking. You can configure the kubernetes.io/elb.pass-through annotation for the LoadBalancer Service so that the load balancer forwards the intra-cluster access to the IP address of the load balancer associated with the Service to backend pods.
                                                                                                                                
+
                                                                                                                                Figure 1 Passthrough networking illustration
                                                                                                                                
 
                                                                                                                                • CCE clusters
                                                                                                                                  When a LoadBalancer Service is accessed within the cluster, the access is forwarded to the backend pods using iptables/IPVS by default.
                                                                                                                                  
 
                                                                                                                                  When a LoadBalancer Service (configured with elb.pass-through) is accessed within the cluster, the access is first forwarded to the load balancer, then the nodes, and finally to the backend pods using iptables/IPVS.
                                                                                                                                  
 
                                                                                                                                • CCE Turbo clusters
                                                                                                                                  When a client accesses a LoadBalancer Service from within the cluster, passthrough is used by default. In this case, the client directly accesses the load balancer private network IP address and then access a container through the load balancer.
                                                                                                                                  
@@ -14,7 +14,8 @@
 
                                                                                                                                  Constraints
                                                                                                                                  • In a CCE standard cluster, after passthrough networking is configured for a dedicated load balancer, the private IP address of the load balancer cannot be accessed from the node where the workload pod resides or other containers on the same node as the workload.
                                                                                                                                  • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                                                                                  • In IPVS network mode, the passthrough settings of Services connected to the same load balancer must be the same.
                                                                                                                                  • If node-level (local) service affinity is used, kubernetes.io/elb.pass-through is automatically set to onlyLocal to enable pass-through.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Procedure
                                                                                                                                  This section describes how to create a Deployment using an Nginx image and create a Service with passthrough networking enabled.
                                                                                                                                  
-
                                                                                                                                  1. Use the Nginx image to create a Deployment.
                                                                                                                                    apiVersion: apps/v1     
+
                                                                                                                                    1. Use the kubectl command line tool to connect to the cluster. 
                                                                                                                                    2. Use the Nginx image to create a Deployment.
                                                                                                                                      Create an nginx-deployment.yaml file. The file content is as follows:
                                                                                                                                      
+
                                                                                                                                      apiVersion: apps/v1     
 kind: Deployment         
 metadata:
   name: nginx            
@@ -40,7 +41,9 @@ spec:
             memory: 200Mi
       imagePullSecrets:
       - name: default-secret
                                                                                                                                      
-
                                                                                                                                    3. For a LoadBalance Service, set kubernetes.io/elb.pass-through to true. In this example, a shared load balancer named james is automatically created.
                                                                                                                                      apiVersion: v1 
+
                                                                                                                                      Run the following command to deploy the workload:
                                                                                                                                      kubectl create -f nginx-deployment.yaml
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                    4. Create a LoadBalancer Service and set kubernetes.io/elb.pass-through to true.
                                                                                                                                      The content of the nginx-elb-svc.yaml file is as follows. (In this example, a shared load balancer named james is automatically created.)
                                                                                                                                      apiVersion: v1 
 kind: Service 
 metadata: 
   annotations:   
@@ -61,42 +64,20 @@ spec:
     app: nginx 
   type: LoadBalancer
                                                                                                                                      
 
                                                                                                                                      
+
                                                                                                                                    5. Run the following command to create the Service:
                                                                                                                                      kubectl create -f nginx-elb-svc.yaml
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                  
-
                                                                                                                                  Verification
                                                                                                                                  Check the load balancer associated with the created Service. The load balancer name is james. The number of load balancer connections is 0.
                                                                                                                                  
-
                                                                                                                                  Use kubectl to connect to the cluster, go to an Nginx container, and access the ELB address. The access is successful.
                                                                                                                                  
-
                                                                                                                                  # kubectl get pod
-NAME                     READY   STATUS    RESTARTS   AGE
+
                                                                                                                                  Verification
                                                                                                                                  1. Log in to the ELB console and check the load balancer (named james in this example) associated with the Service.
                                                                                                                                  2. Click the load balancer name and click the Monitoring tab.
                                                                                                                                    There is 0 connections to the load balancer.
                                                                                                                                    
+
                                                                                                                                  3. Log in to an Nginx container in the cluster using kubectl and access the IP address of the load balancer.
                                                                                                                                    1. Obtain the Nginx containers in the cluster.
                                                                                                                                      kubectl get pod
                                                                                                                                      
+
                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                      NAME                     READY   STATUS    RESTARTS   AGE
 nginx-7c4c5cc6b5-vpncx   1/1     Running   0          9m47s
-nginx-7c4c5cc6b5-xj5wl   1/1     Running   0          9m47s
-# kubectl exec -it nginx-7c4c5cc6b5-vpncx -- /bin/sh
-# curl 120.46.141.192
-<!DOCTYPE html>
-<html>
-<head>
-<title>Welcome to nginx!</title>
-<style>
-    body {
-        width: 35em;
-        margin: 0 auto;
-        font-family: Tahoma, Verdana, Arial, sans-serif;
-    }
-</style>
-</head>
-<body>
-<h1>Welcome to nginx!</h1>
-<p>If you see this page, the nginx web server is successfully installed and
-working. Further configuration is required.</p>
-
-<p>For online documentation and support please refer to
-<a href="http://nginx.org/">nginx.org</a>.<br/>
-Commercial support is available at
-<a href="http://nginx.com/">nginx.com</a>.</p>
-
-<p><em>Thank you for using nginx.</em></p>
-</body>
-</html>
                                                                                                                                      
-
                                                                                                                                      Wait for a period of time and view the ELB monitoring data. A new access connection is created for the ELB, indicating that the access passes through the ELB load balancer as expected.
                                                                                                                                      
+nginx-7c4c5cc6b5-xj5wl   1/1     Running   0          9m47s
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                • Log in to an Nginx container container.
                                                                                                                                  kubectl exec -it nginx-7c4c5cc6b5-vpncx -- /bin/sh
                                                                                                                                  
+
                                                                                                                                • Access the load balancer IP address.
                                                                                                                                  curl **.**.**.**
                                                                                                                                  
+
                                                                                                                                  • 
+
                                                                                                                                • Wait for a while and check the monitoring data on the ELB console.
                                                                                                                                  If a new access connection is displayed, the access is forwarded by the load balancer as expected.
                                                                                                                                  
+
                                                                                                                                  • 
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0360.html b/docs/cce/umn/cce_10_0360.html
index 31163356b..7008930d8 100644
--- a/docs/cce/umn/cce_10_0360.html
+++ b/docs/cce/umn/cce_10_0360.html
@@ -21,7 +21,7 @@ nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5 timeout single-request-reopen
 
                                                                                                                                When a user accesses the Service name:Port of the Nginx pod, the IP address of the Nginx Service is resolved from CoreDNS, and then the IP address of the Nginx Service is accessed. In this way, the user can access the backend Nginx pod.
                                                                                                                                
-
                                                                                                                                Figure 1 Example of domain name resolution in a cluster
                                                                                                                                
+
                                                                                                                                Figure 1 Example of domain name resolution in a cluster
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                How Does Domain Name Resolution Work in Kubernetes?
                                                                                                                                DNS policies can be configured for each pod. Kubernetes supports DNS policies Default, ClusterFirst, ClusterFirstWithHostNet, and None. For details, see DNS for Services and Pods. These policies are specified in the dnsPolicy field in the pod-specific.
                                                                                                                                
 
                                                                                                                                • Default: Pods inherit the name resolution configuration from the node that the pods run on. The custom upstream DNS server and the stub domain cannot be used together with this policy.
                                                                                                                                • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream name server inherited from the node. Cluster administrators may have extra stub domains and upstream DNS servers configured. 
                                                                                                                                • ClusterFirstWithHostNet: For pods running with hostNetwork, set its DNS policy ClusterFirstWithHostNet.
                                                                                                                                • None: It allows a pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsPolicy field in the pod-specific.
                                                                                                                                
@@ -33,7 +33,7 @@ options ndots:5 timeout single-request-reopen
 
                                                                                                                                1. The query is first sent to the DNS caching layer in CoreDNS.
                                                                                                                                2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                                                                                  • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                                                                                                                  
 
                                                                                                                                  • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                                                                                                                  • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                                                                                                                  
 
                                                                                                                                
-
                                                                                                                                Figure 2 Routing
                                                                                                                                
+
                                                                                                                                Figure 2 Routing
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Related Operations
                                                                                                                                You can also configure DNS in a workload. For details, see DNS Configuration.
                                                                                                                                
 
                                                                                                                                You can also use CoreDNS to implement user-defined domain name resolution. For details, see Using CoreDNS for Custom Domain Name Resolution.
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0361.html b/docs/cce/umn/cce_10_0361.html
index 00dee4958..48604e6ba 100644
--- a/docs/cce/umn/cce_10_0361.html
+++ b/docs/cce/umn/cce_10_0361.html
@@ -5,14 +5,13 @@
 
                                                                                                                                • In the legacy code, a fixed domain name is configured for calling other internal services. If the system decides to use Kubernetes Services, the code refactoring workload could be heavy.
                                                                                                                                • A service is created outside the cluster. Data in the cluster needs to be sent to the service through a fixed domain name.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Solution
                                                                                                                                There are several CoreDNS-based solutions for custom domain name resolution:
                                                                                                                                
-
+
 
                                                                                                                                
 
                                                                                                                                Precautions
                                                                                                                                Improper modification on CoreDNS configuration may cause domain name resolution failures in the cluster. Perform tests before and after the modification.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Configuring the Stub Domain for CoreDNS
                                                                                                                                Cluster administrators can modify the ConfigMap for the CoreDNS Corefile to change how service discovery works.
                                                                                                                                
 
                                                                                                                                Assume that a cluster administrator has a Consul DNS server located at 10.150.0.1 and all Consul domain names have the suffix .consul.local.
                                                                                                                                
-
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                                                                4. Click OK.
                                                                                                                                5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                  The corresponding Corefile content is as follows:
                                                                                                                                  
-
                                                                                                                                  .:5353 {
+
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                  2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                  3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                                                                    Corefile:
                                                                                                                                    .:5353 {
     bind {$POD_IP}
     cache 30 {
         servfail 5s
@@ -31,29 +30,29 @@
     reload
     ready {$POD_IP}:8081
 }
-consul.local:5353 {
-    bind {$POD_IP}
-    errors
-    cache 30
-    forward . 10.150.0.1
-}
                                                                                                                                    
-
                                                                                                                                  
+consul.local:5353 {
+    bind {$POD_IP}
+    errors
+    cache 30
+    forward . 10.150.0.1
+}
                                                                                                                                  
+
                                                                                                                                
+
                                                                                                                              • Click OK.
                                                                                                                              • Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                • 
 
                                                                                                                                
 
                                                                                                                                Modifying the CoreDNS Hosts Configuration File
                                                                                                                                After modifying the hosts file in CoreDNS, you do not need to configure the hosts file in each pod to add resolution records.
                                                                                                                                
-
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                  {
+
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                  2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                  3. Edit extended parameters in Parameters and add the following content to the plugins field:
                                                                                                                                    {
   "configBlock": "192.168.1.1 www.example.com\nfallthrough",
   "name": "hosts"
 }
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next CoreDNS plug-in. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                    
+
                                                                                                                                     
                                                                                                                                    The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next add-on of CoreDNS. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                    
 
                                                                                                                                    For details about how to configure the hosts file, visit https://coredns.io/plugins/hosts/.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                  4. Click OK.
                                                                                                                                  5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                    The corresponding Corefile content is as follows:
                                                                                                                                    
-
                                                                                                                                    .:5353 {
+
                                                                                                                                    Corefile:
                                                                                                                                    .:5353 {
     bind {$POD_IP}
-    hosts {
-      192.168.1.1 www.example.com
-      fallthrough
-    }
+    hosts {
+      192.168.1.1 www.example.com
+      fallthrough
+    }
     cache 30
     errors
     health {$POD_IP}:8080
@@ -69,17 +68,17 @@
     reload
     ready {$POD_IP}:8081
 }
                                                                                                                                    
-
                                                                                                                                  
 
                                                                                                                                
-
                                                                                                                                Adding the CoreDNS Rewrite Configuration to Point the Domain Name to Services in the Cluster
                                                                                                                                Use the Rewrite plug-in of CoreDNS to resolve a specified domain name to the domain name of a Service. For example, the request for accessing the example.com domain name is redirected to the example.default.svc.cluster.local domain name, that is, the example service in the default namespace.
                                                                                                                                
-
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                  {
+
                                                                                                                                4. Click OK.
                                                                                                                                5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Adding the CoreDNS Rewrite Configuration to Point the Domain Name to ClusterIP Services
                                                                                                                                Use the Rewrite plug-in of CoreDNS to resolve a specified domain name to the domain name of a Service. For example, the request for accessing the example.com domain name is redirected to the example.default.svc.cluster.local domain name, that is, the example service in the default namespace.
                                                                                                                                
+
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Edit extended parameters in Parameters and add the following content to the plugins field:
                                                                                                                                  {
    "name": "rewrite",
    "parameters": "name example.com example.default.svc.cluster.local"
 }
                                                                                                                                  
-
                                                                                                                                4. Click OK.
                                                                                                                                5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                  The corresponding Corefile content is as follows:
                                                                                                                                  
-
                                                                                                                                  .:5353 {
+
                                                                                                                                  Corefile:
                                                                                                                                  .:5353 {
     bind {$POD_IP}
-    rewrite name example.com example.default.svc.cluster.local
+    rewrite name example.com example.default.svc.cluster.local
     cache 30
     errors
     health {$POD_IP}:8080
@@ -95,16 +94,16 @@
     reload
     ready {$POD_IP}:8081
 }
                                                                                                                                  
-
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Using CoreDNS to Cascade Self-Built DNS
                                                                                                                                By default, CoreDNS uses the /etc/resolv.conf file of the node for resolution. You can also change the resolution address to that of the external DNS.
                                                                                                                                
-
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Edit the advanced configuration under Parameters and modify the following content in the plugins field:
                                                                                                                                  {
+
                                                                                                                                4. Click OK.
                                                                                                                                5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Using CoreDNS to Cascade On-premises DNS
                                                                                                                                If the domain name is not in the Kubernetes domain, CoreDNS will use the /etc/resolv.conf file of the node for resolution by default. You can also change the resolution address to that of the external DNS.
                                                                                                                                
+
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                3. Edit extended parameters in Parameters and modify the following content in the plugins field:
                                                                                                                                  {
     "configBlock": "policy random",
     "name": "forward",
     "parameters": ". 192.168.1.1"
 }
                                                                                                                                  
-
                                                                                                                                4. Click OK.
                                                                                                                                5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                  The corresponding Corefile content is as follows:
                                                                                                                                  
-
                                                                                                                                  .:5353 {
+
                                                                                                                                  Corefile:
                                                                                                                                  .:5353 {
     bind {$POD_IP}
     cache 30
     errors
@@ -115,13 +114,14 @@
     }
     loadbalance round_robin
     prometheus {$POD_IP}:9153
-    forward . 192.168.1.1 {
+    forward . 192.168.1.1 {
         policy random
     }
     reload
     ready {$POD_IP}:8081
 }
                                                                                                                                  
-
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                              • Click OK.
                                                                                                                              • Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                • 
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0363.html b/docs/cce/umn/cce_10_0363.html
index 05dc82730..db935d251 100644
--- a/docs/cce/umn/cce_10_0363.html
+++ b/docs/cce/umn/cce_10_0363.html
@@ -40,7 +40,7 @@
 
                                                                                                                                
 
                                                                                                                                Container Engine
                                                                                                                                
 
                                                                                                                                The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                                                                                                
+
                                                                                                                                The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping Between Node OSs and Container Engines.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                OS
                                                                                                                                
@@ -71,7 +71,7 @@
 
 
                                                                                                                                Storage Settings
                                                                                                                                
 
                                                                                                                                Configure storage resources on a node for the containers running on it. Select a disk type and configure its size based on service requirements. 
-
                                                                                                                                
-
                                                                                                                                Table 2 Storage configuration parameters
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                
@@ -80,19 +80,28 @@
 
+
+
+
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0364.html b/docs/cce/umn/cce_10_0364.html
index 395c45105..3d391b4d8 100644
--- a/docs/cce/umn/cce_10_0364.html
+++ b/docs/cce/umn/cce_10_0364.html
@@ -1,20 +1,19 @@
 
 
-
                                                                                                                                Using kubectl to Create an Nginx Ingress
                                                                                                                                
-
                                                                                                                                Scenario
                                                                                                                                This section uses an Nginx workload as an example to describe how to create an Nginx ingress using kubectl.
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                Prerequisites
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                Ingress Description of networking.k8s.io/v1
                                                                                                                                In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                                
+
                                                                                                                                Creating an Nginx Ingress Using kubectl
                                                                                                                                
+
                                                                                                                                This section uses an Nginx workload as an example to describe how to create an Nginx ingress using kubectl.
                                                                                                                                
+
                                                                                                                                Ingress API Version Upgrade in CCE Clusters v1.23
                                                                                                                                In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                                
 
                                                                                                                                Compared with v1beta1, v1 has the following differences in parameters:
                                                                                                                                
-
                                                                                                                                • The ingress type is changed from kubernetes.io/ingress.class in annotations to spec.ingressClassName.
                                                                                                                                • The format of backend is changed.
                                                                                                                                • The pathType parameter must be specified for each path. The options are as follows:
                                                                                                                                  • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                                                                                  • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                                  • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                                  
+
                                                                                                                                  • The ingress type is specified by spec.ingressClassName instead of kubernetes.io/ingress.class in annotations.
                                                                                                                                  • The format of backend has changed.
                                                                                                                                  • The pathType parameter must be specified for each path. The options are as follows:
                                                                                                                                    • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                                                                                    • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                                    • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                                    
 
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                
+
                                                                                                                                Prerequisites
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Creating an Nginx Ingress
                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                  vi ingress-test.yaml
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress Description of networking.k8s.io/v1.
                                                                                                                                  
+
                                                                                                                                  Creating an Nginx Ingress
                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                  2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                    vi ingress-test.yaml
                                                                                                                                    
+
                                                                                                                                     
                                                                                                                                    Starting from cluster v1.23, the ingress version is switched from networking.k8s.io/v1beta1 to networking.k8s.io/v1. For details about the differences between v1 and v1beta1, see Ingress API Version Upgrade in CCE Clusters v1.23.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    The following uses HTTP as an example to describe how to configure the YAML file:
                                                                                                                                    
+
                                                                                                                                    The following uses HTTP as an example to describe how to configure the YAML file:
                                                                                                                                    
 
                                                                                                                                    For clusters of v1.23 or later:
                                                                                                                                    apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -33,7 +32,7 @@ spec:
             property:
               ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
             pathType: ImplementationSpecific
-  ingressClassName: nginx   # Nginx Ingress is used. If multiple Nginx Ingress controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
                                                                                                                                    
+  ingressClassName: nginx   # Nginx Ingress is used. If multiple Nginx Ingress controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
 
                                                                                                                                    
 
                                                                                                                                    For clusters of v1.21 or earlier:
                                                                                                                                    apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
@@ -79,7 +78,7 @@ spec:
 
 
                                                                                                                                
-
@@ -90,7 +89,7 @@ spec:
 
-
                                                                                                                                Table 2 Configuration parameters
                                                                                                                                Parameter
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Description
                                                                                                                                
 
                                                                                                                                System Disk
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                System disk used by the node OS. The value ranges from 40 GiB to 1024 GiB. The default value is 50 GiB.
                                                                                                                                
-
                                                                                                                                Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                                                                • Not encrypted is selected by default.
                                                                                                                                • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                                • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                                                                
+
                                                                                                                                System Disk Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. Only the nodes of the Elastic Cloud Server (VM) type in certain regions support system disk encryption. For details, see the console.
                                                                                                                                • Not encrypted is selected by default.
                                                                                                                                • If you select Enabled (key) for System Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                                • If you select Enabled (KMS key ID) for System Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                		
 
                                                                                                                                System Component Storage
                                                                                                                                
+
                                                                                                                                Select a disk for storing system components.
                                                                                                                                
+
                                                                                                                                • Data Disk: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                                                                                • System Disk: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.
                                                                                                                                
+
                                                                                                                                 NOTE: 
                                                                                                                                In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If CCE Node Problem Detector is used, ensure that its version is 1.19.2 or later.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                Data Disk
                                                                                                                                
 
                                                                                                                                At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                                                                
-
                                                                                                                                • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                
+
                                                                                                                                At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                                                                                • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, if System Component Storage is set to System Disk, you have the option not to add the default data disk. In this case, all data disks are common ones: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                
 
                                                                                                                                 NOTE: 
                                                                                                                                • If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                                                                • Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Advanced Settings
                                                                                                                                
 
                                                                                                                                Expand the area and configure the following parameters:
                                                                                                                                
-
                                                                                                                                • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                                                • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                                  • Not encrypted is selected by default.
                                                                                                                                  • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                                  • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                                                                  
+
                                                                                                                                  • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                                                                                  • Data Disk Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                                    • Not encrypted is selected by default.
                                                                                                                                    • If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
                                                                                                                                    • If you select Enabled (KMS key ID) for Data Disk Encryption, enter a KMS key (which can be shared by others) in the current region.
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  Adding data disks
                                                                                                                                  
 
                                                                                                                                  A maximum of 16 data disks can be attached to an ECS. By default, a raw disk is created without any processing. You can also click Expand and select any of the following options:
                                                                                                                                  
@@ -146,14 +155,14 @@
 
                                                                                                                                Resource Tag
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                You can add resource tags to classify resources. A maximum of eight resource tags can be added.
                                                                                                                                
-
                                                                                                                                You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                
-
                                                                                                                                CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                                                                                
+
                                                                                                                                You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                
+
                                                                                                                                CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Kubernetes Label
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.
                                                                                                                                
-
                                                                                                                                Labels can be used to distinguish nodes. With workload affinity settings, pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                
+
                                                                                                                                Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Taint
                                                                                                                                
@@ -181,13 +190,13 @@
 
                                                                                                                                
 
                                                                                                                                Pre-installation Command
                                                                                                                                
 
                                                                                                                                Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                
+
                                                                                                                                Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                
 
                                                                                                                                The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Post-installation Command
                                                                                                                                
 
                                                                                                                                Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                
+
                                                                                                                                Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                
 
                                                                                                                                The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                                                                
 
                                                                                                                                 NOTE: 
                                                                                                                                Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to restart with a delay of one minute.
                                                                                                                                
 
                                                                                                                                
@@ -195,7 +204,7 @@
 
                                                                                                                                
 
                                                                                                                                Agency
                                                                                                                                
 
                                                                                                                                An agency is created by the account administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                                                                
+
                                                                                                                                An agency is created by the tenant administrator on the IAM console. Using an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                                                                
 
                                                                                                                                If no agency is available, click Create Agency on the right to create one.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                nginx: indicates that Nginx Ingress is used. This option is available only after the NGINX Ingress Controller add-on is installed. If multiple Nginx Ingress controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
                                                                                                                                
+
                                                                                                                                nginx: indicates that Nginx Ingress is used. This option is available only after the NGINX Ingress Controller add-on is installed. If multiple NGINX Ingress Controllers are installed in the cluster, replace nginx with the custom name of the controller associated with the ingress.
                                                                                                                                
 
                                                                                                                                Multiple NGINX Ingress Controller add-ons can be installed in one cluster if the add-on version is 2.5.4 or later. In this case, the value of this parameter must be the controller name customized during controller installation, which indicates that the ingress is managed by the controller.
                                                                                                                                
 
                                                                                                                                This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                                
+
                                                                                                                                Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                path
                                                                                                                                
@@ -134,14 +133,13 @@ spec:
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                              • Create an ingress.
                                                                                                                                kubectl create -f ingress-test.yaml
                                                                                                                                
-
                                                                                                                                If information similar to the following is displayed, the ingress has been created.
                                                                                                                                
+
                                                                                                                              • Create an ingress.
                                                                                                                                kubectl create -f ingress-test.yaml
                                                                                                                                
+
                                                                                                                                If information similar to the following is displayed, the ingress has been created:
                                                                                                                                
 
                                                                                                                                ingress/ingress-test created
                                                                                                                                
-
                                                                                                                                View the created ingress.
                                                                                                                                
-
                                                                                                                                kubectl get ingress
                                                                                                                                
-
                                                                                                                                If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                                
-
                                                                                                                                NAME             HOSTS     ADDRESS          PORTS   AGE
-ingress-test     *         121.**.**.**     80      10s
                                                                                                                                
+
                                                                                                                              • Check the created ingress.
                                                                                                                                kubectl get ingress
                                                                                                                                
+
                                                                                                                                If information similar to the following is displayed, the ingress has been created:
                                                                                                                                
+
                                                                                                                                NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
+ingress-test  nginx   *         121.**.**.**     80      10s
                                                                                                                                
 
                                                                                                                              • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                                
 
                                                                                                                                • 
 
diff --git a/docs/cce/umn/cce_10_0365.html b/docs/cce/umn/cce_10_0365.html
index 10afc6c13..f2f889e18 100644
--- a/docs/cce/umn/cce_10_0365.html
+++ b/docs/cce/umn/cce_10_0365.html
@@ -17,7 +17,7 @@
 
                                                                                                                                Configuring DNS for a Workload Using the Console
                                                                                                                                Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                                                                                
 
                                                                                                                                1. Log in to the CCE console, access the cluster console, select Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                                                                2. Configure basic information about the workload. For details, see Creating a Workload.
                                                                                                                                3. In the Advanced Settings area, click the DNS tab and set the following parameters as required:
                                                                                                                                  • DNS Policy: The DNS policies provided on the console correspond to the dnsPolicy field in the YAML file. For details, see Table 1.
                                                                                                                                    • Supplement defaults: corresponds to dnsPolicy=ClusterFirst. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks.
                                                                                                                                    • Replace defaults: corresponds to dnsPolicy=None. You must configure IP Address and Search Domain. Containers only use the user-defined IP address and search domain configurations for domain name resolution.
                                                                                                                                    • Inherit defaults: corresponds to dnsPolicy=Default. Containers use the domain name resolution configuration from the node that pods run on and cannot resolve the cluster-internal domain names.
                                                                                                                                    
 
                                                                                                                                  • Optional Objects: The options parameters in the dnsConfig field. Each object may have a name property (required) and a value property (optional). After setting the properties, click confirm to add.
                                                                                                                                    • timeout: Timeout interval, in seconds.
                                                                                                                                    • ndots: Number of dots (.) that must be present in a domain name. If a domain name has dots fewer than this value, the operating system will look up the name in the search domain. If not, the name is a fully qualified domain name (FQDN) and will be tried first as an absolute name.
                                                                                                                                    
-
                                                                                                                                  • IP Address of DNS Server: nameservers in dnsConfig. You can configure a domain name server for a custom domain name. The value is one or a group of DNS IP addresses.
                                                                                                                                  • Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                                                                  • Host Alias: Add the mapping between domain names and IP addresses to the local configuration file /etc/hosts of a pod for simplified local domain name resolution. For details, see Adding entries to Pod /etc/hosts with HostAliases
                                                                                                                                  
+
                                                                                                                                4. IP Address of DNS Server: nameservers in dnsConfig. You can configure a domain name server for a custom domain name. The value is one or a group of DNS IP addresses.
                                                                                                                                5. Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                                                                6. Host Alias: Add the mapping between domain names and IP addresses to the local configuration file /etc/hosts of a pod for simplified local domain name resolution. For details, see Adding entries to Pod /etc/hosts with HostAliases
                                                                                                                                  7. 
 
                                                                                                                                7. Click Create Workload.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Configuring DNS Using the Workload YAML
                                                                                                                                When creating a workload using a YAML file, you can configure the DNS settings in the YAML. The following is an example for an Nginx application:
                                                                                                                                apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0367.html b/docs/cce/umn/cce_10_0367.html
index 7feab4610..7e8caf177 100644
--- a/docs/cce/umn/cce_10_0367.html
+++ b/docs/cce/umn/cce_10_0367.html
@@ -4,11 +4,11 @@
 
                                                                                                                                Scenario
                                                                                                                                Subject Alternative Name (SAN) allows multiple values (including IP addresses, domain names, and so on) to be associated with certificates. A SAN is usually used by the client to verify the server validity in TLS handshakes. Specifically, the validity check includes whether the server certificate is issued by a CA trusted by the client and whether the SAN in the certificate matches the IP address or DNS domain name that the client actually accesses.
                                                                                                                                
 
                                                                                                                                If the client cannot directly access the private IP or EIP of the cluster, you can sign the IP address or DNS domain name that can be directly accessed by the client into the cluster server certificate as a SAN to enable two-way authentication on the client, which improves security. Typical use cases include DNAT access and domain name access.
                                                                                                                                
 
                                                                                                                                If you have particular proxy access requirements or need to access resources in other regions, you can customize a SAN. Typical domain name access scenarios:
                                                                                                                                
-
                                                                                                                                • Add the response domain name mapping when specifying the DNS domain name address in the host domain name configuration on the client, or configuring /etc/hosts on the client host.
                                                                                                                                • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                                                                                • Add A records on a self-built DNS server.
                                                                                                                                
+
                                                                                                                                • Add the domain name mapping by either adding the DNS domain name address in the host domain name configuration on the client or configuring /etc/hosts on the client host.
                                                                                                                                • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                                                                                • Add A records on a self-built DNS server.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Prerequisites
                                                                                                                                A cluster of v1.19 or later is available.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Customizing a SAN
                                                                                                                                1. Log in to the CCE console.
                                                                                                                                2. Click the name of the target cluster in the cluster list to go to the cluster Overview page.
                                                                                                                                3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                                                                                   
                                                                                                                                  1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                                                  
+
                                                                                                                                  Customizing a SAN
                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                  2. Click the name of the target cluster in the cluster list to go to the cluster Overview page.
                                                                                                                                  3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, enter the IP address or domain name and click Save.
                                                                                                                                     
                                                                                                                                    1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                                                    
 
                                                                                                                                    2. A maximum of 128 domain names or IP addresses, separated by commas (,), are allowed.
                                                                                                                                    
 
                                                                                                                                    3. If a custom domain name needs to be bound to an EIP, ensure that an EIP has been configured.
                                                                                                                                    
 
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0373.html b/docs/cce/umn/cce_10_0373.html
index 63f210e9b..489c12c8a 100644
--- a/docs/cce/umn/cce_10_0373.html
+++ b/docs/cce/umn/cce_10_0373.html
@@ -7,10 +7,8 @@
 
                                                                                                                                  4. Preparing an Application
                                                                                                                                    Prepare an application image. The application must provide a metric monitoring API for Prometheus to collect data, and the monitoring data must comply with the Prometheus specifications.
                                                                                                                                    
 
                                                                                                                                  5. Monitoring Custom Metrics
                                                                                                                                    Use the application image to deploy a workload in a cluster. Custom metrics will be automatically reported to Prometheus.
                                                                                                                                    
 
                                                                                                                                    Use one of the following methods to monitor custom metrics:
                                                                                                                                    
-
+
 
                                                                                                                                  
-
                                                                                                                                  Constraints
                                                                                                                                  • To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                                                                  • Currently, metrics in the kube-system and monitoring namespaces cannot be collected when pod and service annotations are used. To collect metrics in the two namespaces, use PodMonitor and ServiceMonitor.
                                                                                                                                  • The nginx/nginx-prometheus-exporter:0.9.0 image is pulled for the Nginx application. You need to add an EIP for the node where the application is deployed or upload the image to SWR to prevent application deployment failures.
                                                                                                                                  
-
                                                                                                                                  
 
                                                                                                                                  Prometheus Monitoring Data Collection
                                                                                                                                  Prometheus periodically calls the metric monitoring API (/metrics by default) of an application to obtain monitoring data. The application needs to provide the metric monitoring API for Prometheus to call, and the monitoring data must meet the following specifications of Prometheus:
                                                                                                                                  
 
                                                                                                                                  # TYPE nginx_connections_active gauge
 nginx_connections_active 2
@@ -18,10 +16,13 @@ nginx_connections_active 2
 nginx_connections_reading 0
                                                                                                                                  
 
                                                                                                                                  Prometheus provides clients in various languages. For details about the clients, see Prometheus CLIENT LIBRARIES. For details about how to develop an exporter, see WRITING EXPORTERS. The Prometheus community provides various third-party exporters that can be directly used. For details, see EXPORTERS AND INTEGRATIONS.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Installing and Accessing Cloud Native Cluster Monitoring
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                  2. In the navigation pane on the left, choose Add-ons. On the displayed page, locate the Cloud Native Cluster Monitoring add-on and click Install.
                                                                                                                                    When installing this add-on, pay attention to the following configurations. Configure other parameters as required. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                    • For 3.8.0 or later, enable custom metric collection.
                                                                                                                                    • For 3.8.0 or earlier, do not enable custom metric collection.
                                                                                                                                    
+
                                                                                                                                    Constraints
                                                                                                                                    • To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                                                                    • Currently, metrics in the kube-system and monitoring namespaces cannot be collected when pod and service annotations are used. To collect metrics in the two namespaces, use PodMonitor and ServiceMonitor.
                                                                                                                                    • The nginx/nginx-prometheus-exporter:0.9.0 image is pulled for the Nginx application. You need to add an EIP for the node where the application is deployed or upload the image to SWR to prevent application deployment failures.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                  3. After this add-on is installed, deploy workloads and Services. The Prometheus server will be deployed as a StatefulSet in the monitoring namespace.
                                                                                                                                    You can create a public network LoadBalancer Service so that Prometheus can be accessed from external networks.
                                                                                                                                    
-
                                                                                                                                    1. Log in to the CCE console and click the name of the cluster with Prometheus installed to access the cluster console. In the navigation pane on the left, choose Services & Ingresses.
                                                                                                                                    2. Click Create from YAML in the upper right corner to create a public network LoadBalancer Service.
                                                                                                                                      apiVersion: v1
+
                                                                                                                                      Installing and Accessing Cloud Native Cluster Monitoring
                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, locate the Cloud Native Cluster Monitoring add-on and click Install. 
                                                                                                                                        When installing this add-on, pay attention to the following configurations. Configure other parameters as required. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                        • For 3.8.0 or later, enable custom metric collection.
                                                                                                                                          
+
                                                                                                                                        • For 3.8.0 or earlier, do not enable custom metric collection.
                                                                                                                                        
+
                                                                                                                                        
+
                                                                                                                                      3. After this add-on is installed, deploy workloads and Services. The Prometheus server will be deployed as a StatefulSet in the monitoring namespace.
                                                                                                                                        You can create a public network LoadBalancer Service so that Prometheus can be accessed from external networks.
                                                                                                                                        
+
                                                                                                                                        1. Log in to the CCE console and click the name of the cluster with Prometheus installed to access the cluster console. In the navigation pane, choose Services & Ingresses.
                                                                                                                                        2. Click Create from YAML in the upper right corner to create a public network LoadBalancer Service.
                                                                                                                                          apiVersion: v1
 kind: Service
 metadata:
   name: prom-lb     # Service name, which is customizable.
@@ -30,18 +31,18 @@ metadata:
     app: prometheus
     component: server
   annotations:
-    kubernetes.io/elb.id: 038ff***     # Replace 038ff*** with the ID of the public network load balancer in the VPC that the cluster belongs to.
+    kubernetes.io/elb.id: 038ff***     # Replace 038ff*** with the ID of the public network load balancer in the VPC that the cluster belongs to.
 spec:
   ports:
     - name: cce-service-0
       protocol: TCP
-      port: 88             # Service port, which is customizable.
+      port: 88             # Service port, which is customizable.
       targetPort: 9090     # Default Prometheus port. Retain the default value.
   selector:                # The label selector can be adjusted based on the label of a Prometheus server instance.
     app.kubernetes.io/name: prometheus
     prometheus: server
   type: LoadBalancer
                                                                                                                                          
-
                                                                                                                                        3. After the Service is created, enter Public IP address of the load balancer:Service port in the address box of the browser to access Prometheus.
                                                                                                                                        
+
                                                                                                                                      4. After the Service is created, enter Public IP address of the load balancer:Service port in the address box of the browser to access Prometheus.
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  Preparing an Application
                                                                                                                                  User-developed applications must provide a metric monitoring API, and the monitoring data must comply with the Prometheus specifications. For details, see Prometheus Monitoring Data Collection.
                                                                                                                                  
@@ -85,7 +86,7 @@ ADD nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                              • Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                                                                1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. On the displayed dialog box, click Generate a temporary login command and click  to copy the command.
                                                                                                                                2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                                                                  docker build -t nginx:exporter .
                                                                                                                                  
+
                                                                                                                                4. Use this Dockerfile to create an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                                                                  1. In the navigation pane, choose My Images. In the upper right corner, click Upload Through Client. In the displayed dialog box, click Generate a temporary login command. Then, click  to copy the command.
                                                                                                                                  2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                  3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                                                                    docker build -t nginx:exporter .
                                                                                                                                    
 
                                                                                                                                  4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                                                                                                    docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
 docker push {swr-address}/{group}/nginx:exporter
                                                                                                                                    
 
                                                                                                                                  
@@ -97,7 +98,7 @@ Reading: 0 Writing: 1 Waiting: 2
 
                                                                                                                                
 
                                                                                                                                • 
 
                                                                                                                                
-
                                                                                                                                Method 1: Configuring Pod Annotations for Monitoring Custom Metrics
                                                                                                                                When the annotation settings of pods comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the pods.
                                                                                                                                
+
                                                                                                                                Method 1: Configuring Pod Annotations
                                                                                                                                When the annotation settings of pods comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the pods.
                                                                                                                                
 
                                                                                                                                The format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter. Deploy nginx:exporter and nginx-prometheus-exporter in the same pod and add the following annotations during deployment. Then Prometheus can automatically collect metrics.
                                                                                                                                
 
                                                                                                                                kind: Deployment
 apiVersion: apps/v1
@@ -139,11 +140,11 @@ spec:
         - name: default-secret
                                                                                                                                
 
                                                                                                                                Where,
                                                                                                                                
 
                                                                                                                                • prometheus.io/scrape indicates whether to enable Prometheus to collect pod monitoring data. The value is true.
                                                                                                                                • prometheus.io/port indicates the port for collecting monitoring data, which varies depending on the application. In this example, the port is 9113.
                                                                                                                                • prometheus.io/path indicates the URL of the API for collecting monitoring data. If this parameter is not set, the default value /metrics is used.
                                                                                                                                • prometheus.io/scheme: protocol used for data collection. The value can be http or https.
                                                                                                                                
-
                                                                                                                                After the application is successfully deployed, access Prometheus to query custom metrics by job name.
                                                                                                                                
-
                                                                                                                                The custom metrics related to Nginx can be obtained. In the following, the job name indicates that the metrics are reported based on the pod configuration.
                                                                                                                                
+
                                                                                                                                After the application is successfully deployed, access Prometheus to query custom metrics by job name.
                                                                                                                                
+
                                                                                                                                The custom metrics related to Nginx can be queried. In the following, the job name indicates that the metrics are reported based on the pod configuration.
                                                                                                                                
 
                                                                                                                                nginx_connections_accepted{cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", container="container-0", instance="10.0.0.46:9113", job="monitoring/kubernetes-pods", kubernetes_namespace="default", kubernetes_pod="nginx-exporter-77bf4d4948-zsb59", namespace="default", pod="nginx-exporter-77bf4d4948-zsb59", prometheus="monitoring/server"}
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Method 2: Configuring Service Annotations for Monitoring Custom Metrics
                                                                                                                                When the annotation settings of Services comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the Services.
                                                                                                                                
+
                                                                                                                                Method 2: Configuring Service Annotations
                                                                                                                                When the annotation settings of Services comply with the Prometheus data collection rules, Prometheus automatically collects the metrics exposed by the Services.
                                                                                                                                
 
                                                                                                                                You can use Service annotations in the same way as pod annotations. However, their application scenarios are different. Pod annotations focus on pod resource usage metrics while Service annotations focus on metrics such as requests for a Service.
                                                                                                                                
 
                                                                                                                                The following is an example configuration:
                                                                                                                                
 
                                                                                                                                kind: Deployment
@@ -209,7 +210,7 @@ spec:
 
                                                                                                                                After the application is successfully deployed, access Prometheus to query custom metrics. In the following, the Service name indicates the metrics are reported based on the Service configuration.
                                                                                                                                
 
                                                                                                                                nginx_connections_accepted{app="nginx-test", cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", instance="10.0.0.38:9113", job="nginx-test", kubernetes_namespace="default", kubernetes_service="nginx-test", namespace="default", pod="nginx-test-78cfb65889-gtv7z", prometheus="monitoring/server", service="nginx-test"}
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Method 3: Configuring PodMonitor for Monitoring Custom Metrics
                                                                                                                                Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches PodMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                                                
+
                                                                                                                                Method 3: Configuring PodMonitor
                                                                                                                                Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches PodMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                                                
 
                                                                                                                                To use CRDs defined by Prometheus Operator on GitHub, visit https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/charts/crds/crds.
                                                                                                                                
 
                                                                                                                                The following is an example configuration:
                                                                                                                                
 
                                                                                                                                apiVersion: apps/v1
@@ -272,7 +273,7 @@ spec:
 
                                                                                                                                After the application is successfully deployed, access Prometheus to query custom metrics. In the following, the job name indicates the metrics are reported based on the PodMonitor configuration.
                                                                                                                                
 
                                                                                                                                nginx_connections_accepted{cluster="2048c170-8359-11ee-9527-0255ac1000cf", cluster_category="CCE", cluster_name="cce-test", container="container-0", endpoint="nginx-test2", instance="10.0.0.44:9113", job="monitoring/podmonitor-nginx", namespace="default", pod="nginx-test2-746b7f8fdd-krzfp", prometheus="monitoring/server"}
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Method 4: Configuring ServiceMonitor for Monitoring Custom Metrics
                                                                                                                                Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches ServiceMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                                                
+
                                                                                                                                Method 4: Configuring ServiceMonitor
                                                                                                                                Cloud Native Cluster Monitoring allows you to configure metric collection tasks based on PodMonitor and ServiceMonitor. Prometheus Operator watches ServiceMonitor. The reload mechanism of Prometheus is used to trigger a hot update of the Prometheus collection tasks to the Prometheus instance.
                                                                                                                                
 
                                                                                                                                To use CRDs defined by Prometheus Operator on GitHub, visit https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/charts/crds/crds.
                                                                                                                                
 
                                                                                                                                The following is an example configuration:
                                                                                                                                
 
                                                                                                                                apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0378.html b/docs/cce/umn/cce_10_0378.html
index 500cac234..92a40a8b4 100644
--- a/docs/cce/umn/cce_10_0378.html
+++ b/docs/cce/umn/cce_10_0378.html
@@ -5,7 +5,7 @@
 
                                                                                                                                1. When a container is rebuilt, files in the container will be lost.
                                                                                                                                2. When multiple containers run in a pod at the same time, files need to be shared among the containers.
                                                                                                                                
 
                                                                                                                                Kubernetes volumes resolve both of these problems. Volumes, as part of a pod, cannot be created independently and can only be defined in pods. All containers in a pod can access its volumes, but the volumes must have been mounted to any directory in a container.
                                                                                                                                
 
                                                                                                                                The following figure shows how a storage volume is used between containers in a pod.
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                The basic principles for using volumes are as follows:
                                                                                                                                
 
                                                                                                                                • Multiple volumes can be mounted to a pod. However, do not mount too many volumes to a pod.
                                                                                                                                • Multiple types of volumes can be mounted to a pod.
                                                                                                                                • Each volume mounted to a pod can be shared among containers in the pod.
                                                                                                                                • You are advised to use PVCs and PVs to mount volumes for Kubernetes.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                The lifecycle of a volume is the same as that of the pod to which the volume is mounted. When the pod is deleted, the volume is also deleted. However, files in the volume may outlive the volume, depending on the volume type.
                                                                                                                                
@@ -37,7 +37,7 @@
 
                                                                                                                                PV and PVC
                                                                                                                                Kubernetes provides PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) to abstract details of how storage is provided from how it is consumed. You can request specific size of storage when needed, just like pods can request specific levels of resources (CPU and memory).
                                                                                                                                
 
                                                                                                                                • PV: describes a persistent storage volume in a cluster. A PV is a cluster-level resource just like a node. It applies to the entire Kubernetes cluster. A PV has a lifecycle independent of any individual Pod that uses the PV.
                                                                                                                                • PVC: describes a request for storage by a user. When configuring storage for an application, claim a storage request (that is, PVC). Kubernetes selects a PV that best meets the request and binds the PV to the PVC. A PVC to PV binding is a one-to-one mapping. When creating a PVC, describe the attributes of the requested persistent storage, such as the storage size and read/write permission.
                                                                                                                                
 
                                                                                                                                You can bind PVCs to PVs in a pod so that the pod can use storage resources. The following figure shows the relationship between PVs and PVCs.
                                                                                                                                
-
                                                                                                                                Figure 1 PVC-to-PV binding
                                                                                                                                
+
                                                                                                                                Figure 1 PVC-to-PV binding
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                CSI
                                                                                                                                CSI is a standard for container storage interfaces and a storage plugin implementation solution recommended by the Kubernetes community. Everest is a storage add-on developed based on CSI. It provides different types of persistent storage for containers.
                                                                                                                                
 
                                                                                                                                
@@ -170,8 +170,8 @@ metadata:
     everest.io/reclaim-policy: retain-volume-only
   name: pv-evs-test
   labels:
-    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
-    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
     - ReadWriteOnce
diff --git a/docs/cce/umn/cce_10_0379.html b/docs/cce/umn/cce_10_0379.html
index 62f2c2af7..44ebd1834 100644
--- a/docs/cce/umn/cce_10_0379.html
+++ b/docs/cce/umn/cce_10_0379.html
@@ -94,14 +94,14 @@
 
                                                                                                                                Mount Path
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Enter a mount path, for example, /tmp.
                                                                                                                                
-
                                                                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                 NOTICE: 
                                                                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                
+
                                                                                                                                This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                 NOTICE: 
                                                                                                                                If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                		
 
                                                                                                                                
 
                                                                                                                                Subpath
                                                                                                                                
 
                                                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                
+
                                                                                                                                Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Permission
                                                                                                                                
@@ -144,7 +144,7 @@ spec:
       name: <your_secret_name>       # Custom secret name
       namespace: <your_namespace>    # Namespace of the custom secret
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
-  storageClassName: csi-obs               # Storage class name
+  storageClassName: csi-obs               # StorageClass name
   mountOptions: []                         # Mount options
 
 
                                                                                                                                Table 2 Key parameters
                                                                                                                                Parameter
                                                                                                                                
@@ -192,7 +192,7 @@ spec:
 
                                                                                                                                Yes
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Region where the OBS bucket is deployed.
                                                                                                                                
-
                                                                                                                                For details about the value of region, see Regions and Endpoints.
                                                                                                                                
+
                                                                                                                                For details about its value, see Regions and Endpoints.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                nodePublishSecretRef
                                                                                                                                
@@ -262,7 +262,7 @@ spec:
   resources:
     requests:
       storage: 1Gi
-  storageClassName: csi-obs       # Storage class name, which must be the same as that of the PV.
+  storageClassName: csi-obs       # StorageClass name, which must be the same as that of the PV
   volumeName: pv-obs    # PV name
 
 
                                                                                                                                
-
@@ -405,7 +405,7 @@ static
diff --git a/docs/cce/umn/cce_10_0380.html b/docs/cce/umn/cce_10_0380.html
index f5ec058ea..128872c6d 100644
--- a/docs/cce/umn/cce_10_0380.html
+++ b/docs/cce/umn/cce_10_0380.html
@@ -1,13 +1,48 @@
 
                                                                                                                                StorageClass
                                                                                                                                
-
                                                                                                                                Introduction
                                                                                                                                StorageClass describes the classification of storage types in a cluster and can be represented as a configuration template for creating PVs. When creating a PVC or PV, specify StorageClass.
                                                                                                                                
-
                                                                                                                                As a user, you only need to specify storageClassName when defining a PVC to automatically create a PV and underlying storage, significantly reducing the workload of creating and maintaining a PV.
                                                                                                                                
-
                                                                                                                                In addition to the default storage classes provided by CCE, you can also customize storage classes.
+
                                                                                                                                Introduction
                                                                                                                                A StorageClass in Kubernetes is a resource that categorizes storage types in a cluster. It can also serve as a configuration template for creating PVs. When creating a PVC or PV, you must specify a StorageClass. This resource object defines the storage mode and configuration parameters for dynamic volume provisioning, such as volume type, access mode, and volume lifecycle policy.
                                                                                                                                
+
                                                                                                                                When creating a PVC, you only need to specify the StorageClassName. Kubernetes will then automatically create the PVs and underlying storage based on the StorageClass. This greatly reduces the need for manual creation and maintenance of PVs.
                                                                                                                                
+
                                                                                                                                In addition to the default StorageClasses provided by CCE, you can customize StorageClasses. For details, see Application Scenarios of Custom Storage.
                                                                                                                                
 
                                                                                                                                
+
                                                                                                                                Creating a StorageClass Using the CCE Console
                                                                                                                                 
                                                                                                                                The Everest add-on must be in the running state in the target cluster.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. Choose Storage in the navigation pane. In the right pane, click the Storage Classes tab. Click Create Storage Class in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                  
+
                                                                                                                                Table 3 Key parameters
                                                                                                                                Parameter
                                                                                                                                
@@ -299,7 +299,7 @@ spec:
 
 
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                
+
                                                                                                                                StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                                                
 
                                                                                                                                StorageClass name, which is csi-obs for an OBS volume.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
 
                                                                                                                                1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                  • Volume Type: Select OBS.
                                                                                                                                  • OBS: Click Select OBS. On the displayed page, select the OBS volume that meets your requirements and click OK.
                                                                                                                                  • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                                  • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                  • Reclaim Policy: Delete or Retain is supported. For details, see PV Reclaim Policy.
                                                                                                                                     NOTE: 
                                                                                                                                    If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                  • Custom (Recommended): Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                    Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                    
+
                                                                                                                                  • Access Key (AK/SK): (Recommended) Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                    Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                    
 
                                                                                                                                  • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring OBS Mount Options.
                                                                                                                                  
 
                                                                                                                                2. Click Create.
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                StorageClass Type
                                                                                                                                
+
                                                                                                                                Select an underlying storage type.
                                                                                                                                
+
                                                                                                                                Name
                                                                                                                                
+
                                                                                                                                Enter the StorageClass name. The name of a StorageClass must be unique within a cluster.
                                                                                                                                
+
                                                                                                                                Reclaim Policy
                                                                                                                                
+
                                                                                                                                You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                                
+
                                                                                                                                • Delete: When a PVC is deleted, its associated underlying storage resources will be deleted and the PV resources will be removed. Exercise caution if you select this option.
                                                                                                                                • Retain: When a PVC is deleted, both of the PV and its associated underlying storage resources will be retained and the PV is marked as released. If you manually delete the PV afterwards, the underlying storage resources will not be deleted. To bind the PV to a new PVC, you need to remove the original binding information from the PV.
                                                                                                                                
+
                                                                                                                                Binding Mode
                                                                                                                                
+
                                                                                                                                Time when a PV is dynamically created, which can be created immediately or with a delay.
                                                                                                                                
+
                                                                                                                                • Immediate: After a PVC is created, the storage resources and PV will be created and associated with the PVC without delay. Local PVs do not support Immediate.
                                                                                                                                • WaitForFirstConsumer: After a PVC is created, it will not be immediately bound to a PV. Instead, the storage resources and PV will be generated and bound to the PVC only after the pod that requires the PVC is scheduled. OBS, SFS, and SFS Turbo do not support WaitForFirstConsumer.
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                CCE Default Storage Classes
                                                                                                                                As of now, CCE provides storage classes such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a storageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                
-
                                                                                                                                Run the following kubectl command to obtain the storage classes that CCE supports. Use the CSI add-on provided by CCE to create a storage class.
                                                                                                                                
+
                                                                                                                              • Click Create. On the Storage Classes tab page, view the created StorageClass and its information.
                                                                                                                                • 
+
                                                                                                                                
+
                                                                                                                                Creating a StorageClass Using a YAML File
                                                                                                                                As of now, CCE provides StorageClasses such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a StorageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                
+
                                                                                                                                Run the following kubectl command to obtain the StorageClasses that CCE supports. Use the CSI add-on provided by CCE to create a StorageClass.
                                                                                                                                
 
                                                                                                                                # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d          # EVS disk
@@ -15,219 +50,219 @@ csi-disk-topology   everest-csi-provisioner         17d          # EVS disks cre
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
 csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                                                                
-
                                                                                                                                Each storage class contains the default parameters used for dynamically creating a PV. The following is an example of storage class for EVS disks:
                                                                                                                                kind: StorageClass
+
                                                                                                                                Each StorageClass contains the default parameters used for dynamically creating a PV. The following is an example of StorageClass for EVS disks:
                                                                                                                                kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: csi-disk
 provisioner: everest-csi-provisioner
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
+  csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SAS
   everest.io/passthrough: 'true'
 reclaimPolicy: Delete
 allowVolumeExpansion: true
 volumeBindingMode: Immediate
                                                                                                                                
 
-
                                                                                                                                Table 1 Key parameters
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                Table 1 Key parameters
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                provisioner
                                                                                                                                
+
                                                                                                                                provisioner
                                                                                                                                
 
                                                                                                                                Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                                                                
+
                                                                                                                                Specifies the storage resource provider, which is the Everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                parameters
                                                                                                                                
+
                                                                                                                                parameters
                                                                                                                                
 
                                                                                                                                Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                                                                
+
                                                                                                                                Specifies the storage parameters, which vary with storage types. For details, see Table 2.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                reclaimPolicy
                                                                                                                                
+
                                                                                                                                reclaimPolicy
                                                                                                                                
 
                                                                                                                                Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                
-
                                                                                                                                • Delete: indicates that a dynamically created PV will be automatically deleted when the PVC is deleted.
                                                                                                                                • Retain: indicates that a dynamically created PV will be retained when the PVC is deleted.
                                                                                                                                
+
                                                                                                                                Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                
+
                                                                                                                                • Delete: When a PVC is deleted, its associated underlying storage resources will be deleted and the PV resources will be removed. Exercise caution if you select this option.
                                                                                                                                • Retain: When a PVC is deleted, both of the PV and its associated underlying storage resources will be retained and the PV is marked as released. If you manually delete the PV afterwards, the underlying storage resources will not be deleted. To bind the PV to a new PVC, you need to remove the original binding information from the PV.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                allowVolumeExpansion
                                                                                                                                
+
                                                                                                                                allowVolumeExpansion
                                                                                                                                
 
                                                                                                                                Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                
+
                                                                                                                                Specifies whether the PV of this StorageClass supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                volumeBindingMode
                                                                                                                                
+
                                                                                                                                volumeBindingMode
                                                                                                                                
 
                                                                                                                                Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                
-
                                                                                                                                • Immediate: PV binding and dynamic creation are completed when a PVC is created.
                                                                                                                                • WaitForFirstConsumer: PV binding and creation are delayed. The PV creation and binding processes are executed only when the PVC is used in the workload.
                                                                                                                                
+
                                                                                                                                Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                
+
                                                                                                                                • Immediate: After a PVC is created, the storage resources and PV will be created and associated with the PVC without delay.
                                                                                                                                • WaitForFirstConsumer: After a PVC is created, it will not be immediately bound to a PV. Instead, the storage resources and PV will be generated and bound to the PVC only after the pod that requires the PVC is scheduled.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                mountOptions
                                                                                                                                
+
                                                                                                                                mountOptions
                                                                                                                                
 
                                                                                                                                This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                                                                
+
                                                                                                                                This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 2 Parameters
                                                                                                                                Volume Type
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -236,7 +271,7 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
 
 
-
                                                                                                                                Application Scenarios of Custom Storage
                                                                                                                                When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for a SAS (high I/O) EVS disk (block storage).
                                                                                                                                
+
                                                                                                                                Application Scenarios of Custom Storage
                                                                                                                                When using storage resources in CCE, the most common method is to specify StorageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for a SAS (high I/O) EVS disk (block storage).
                                                                                                                                
 
                                                                                                                                apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -253,33 +288,33 @@ spec:
   storageClassName: csi-disk
                                                                                                                                
 
                                                                                                                                To specify the EVS disk type on CCE, use the everest.io/disk-volume-type field. SAS indicates the EVS disk type.
                                                                                                                                
 
                                                                                                                                The preceding is a basic method of using StorageClass. In real-world scenarios, you can use StorageClass to perform other operations.
-
                                                                                                                                Table 2 Parameters
                                                                                                                                Volume Type
                                                                                                                                
 
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Mandatory
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                EVS
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                EVS
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                
+
                                                                                                                                Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                                                                
-
                                                                                                                                The restrictions on using xfs are as follows:
                                                                                                                                • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                • Only common containers are supported.
                                                                                                                                
+
                                                                                                                                If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                                                                
+
                                                                                                                                The restrictions on using xfs are as follows:
                                                                                                                                • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                • Only common containers are supported.
                                                                                                                                
 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/disk-volume-type
                                                                                                                                
+
                                                                                                                                everest.io/disk-volume-type
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                EVS disk type. All letters are in uppercase.
                                                                                                                                • SATA: common I/O
                                                                                                                                • SAS: high I/O
                                                                                                                                • SSD: ultra-high I/O
                                                                                                                                • GPSSD: general-purpose SSD
                                                                                                                                • ESSD: extreme SSD
                                                                                                                                
+
                                                                                                                                EVS disk type. All letters are in uppercase.
                                                                                                                                • SATA: common I/O
                                                                                                                                • SAS: high I/O
                                                                                                                                • SSD: ultra-high I/O
                                                                                                                                • GPSSD: general-purpose SSD
                                                                                                                                • ESSD: extreme SSD
                                                                                                                                
 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/passthrough
                                                                                                                                
+
                                                                                                                                everest.io/passthrough
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                                                                
+
                                                                                                                                The parameter value is fixed at true, which indicates that the EVS device type is SCSI. Other parameter values are not allowed.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                SFS
                                                                                                                                
+
                                                                                                                                SFS
                                                                                                                                
 
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                
+
                                                                                                                                Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                If SFS is used, the value can be nfs.
                                                                                                                                
+
                                                                                                                                If SFS is used, the value can be nfs.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-access-level
                                                                                                                                
+
                                                                                                                                everest.io/share-access-level
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                                                                
+
                                                                                                                                The parameter value is fixed at rw, indicating that the SFS data is readable and writable.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-access-to
                                                                                                                                
+
                                                                                                                                everest.io/share-access-to
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                VPC ID of the cluster.
                                                                                                                                
+
                                                                                                                                VPC ID of the cluster.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-is-public
                                                                                                                                
+
                                                                                                                                everest.io/share-is-public
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                                                                
-
                                                                                                                                You do not need to configure this parameter when SFS 3.0 is used.
                                                                                                                                
+
                                                                                                                                The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                                                                
+
                                                                                                                                When you use SFS 3.0, there is no need to configure this parameter.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/sfs-version
                                                                                                                                
+
                                                                                                                                everest.io/sfs-version
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                This parameter is mandatory only when SFS 3.0 is used. The value is fixed at sfs3.0.
                                                                                                                                
+
                                                                                                                                This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                SFS Turbo
                                                                                                                                
+
                                                                                                                                SFS Turbo
                                                                                                                                
 
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                
+
                                                                                                                                Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                If SFS Turbo is used, the value can be nfs.
                                                                                                                                
+
                                                                                                                                If SFS Turbo is used, the value can be nfs.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-access-to
                                                                                                                                
+
                                                                                                                                everest.io/share-access-to
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                VPC ID of the cluster.
                                                                                                                                
+
                                                                                                                                VPC ID of the cluster.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-expand-type
                                                                                                                                
+
                                                                                                                                everest.io/share-expand-type
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                                                                
+
                                                                                                                                Extension type. The default value is bandwidth, indicating an enhanced file system. This parameter does not take effect.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-source
                                                                                                                                
+
                                                                                                                                everest.io/share-source
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                The parameter value is fixed at sfs-turbo.
                                                                                                                                
+
                                                                                                                                The parameter value is fixed at sfs-turbo.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/share-volume-type
                                                                                                                                
+
                                                                                                                                everest.io/share-volume-type
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                SFS Turbo storage class. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                
+
                                                                                                                                SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                OBS
                                                                                                                                
+
                                                                                                                                OBS
                                                                                                                                
 
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/csi-driver-name
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                
+
                                                                                                                                Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
+
                                                                                                                                csi.storage.k8s.io/fstype
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Instance type, which can be obsfs or s3fs.
                                                                                                                                
+
                                                                                                                                Instance type, which can be obsfs or s3fs.
                                                                                                                                
 
                                                                                                                                • obsfs: a parallel file system
                                                                                                                                • s3fs: object bucket
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                everest.io/obs-volume-type
                                                                                                                                
+
                                                                                                                                everest.io/obs-volume-type
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                OBS storage class.
                                                                                                                                
+
                                                                                                                                OBS StorageClass.
                                                                                                                                
 
                                                                                                                                • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Application Scenario
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
@@ -287,28 +322,28 @@ spec:
 
-
                                                                                                                                Custom Storage Class
                                                                                                                                This section uses the custom storage class of EVS disks as an example to describe how to define SAS EVS disk and SSD EVS disk as a storage class, respectively. For example, if you define a storage class named csi-disk-sas, which is used to create SAS storage, the differences are shown in the following figure. When compiling a YAML file, you only need to specify storageClassName.
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                • You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                  apiVersion: storage.k8s.io/v1
+
                                                                                                                                  Scenario 1: Specifying the Disk Type in a StorageClass
                                                                                                                                  This section uses the custom StorageClass of EVS disks as an example to describe how to define SAS EVS disk and SSD EVS disk as a StorageClass, respectively. For example, if you define a StorageClass named csi-disk-sas, which is used to create SAS storage, the differences are shown in the following figure. When editing a PVC's YAML file, you only need to specify StorageClassName.
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  • You can customize a high I/O StorageClass in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                    apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: csi-disk-sas                          # Name of the high I/O storage class, which can be customized.
+  name: csi-disk-sas                          # Name of the high I/O StorageClass, which can be customized
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
+  csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
    everest.io/disk-volume-type: SAS            # High I/O EVS disk type, which cannot be customized.
   everest.io/passthrough: "true"
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 allowVolumeExpansion: true                    # true indicates that capacity expansion is allowed.
                                                                                                                                    
-
                                                                                                                                  • For an ultra-high I/O storage class, you can set the class name to csi-disk-ssd to create SSD EVS disk (ultra-high I/O).
                                                                                                                                    apiVersion: storage.k8s.io/v1
+
                                                                                                                                  • For an ultra-high I/O StorageClass, you can set the class name to csi-disk-ssd to create SSD EVS disk (ultra-high I/O).
                                                                                                                                    apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: csi-disk-ssd                       # Name of the ultra-high I/O storage class, which can be customized.
+  name: csi-disk-ssd                       # Name of the ultra-high I/O StorageClass, which can be customized
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
+  csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SSD         # Ultra-high I/O EVS disk type, which cannot be customized.
   everest.io/passthrough: "true"
 provisioner: everest-csi-provisioner
@@ -335,14 +370,14 @@ csi-nas             everest-csi-provisioner         17d
 csi-obs             everest-csi-provisioner         17d
 csi-sfsturbo        everest-csi-provisioner         17d
                                                                                                                                    
 
                                                                                                                                  
-
                                                                                                                                  Specifying a Default Storage Class
                                                                                                                                  You can specify a storage class as the default class. In this way, if you do not specify storageClassName when creating a PVC, the PVC is created using the default storage class.
                                                                                                                                  
-
                                                                                                                                  For example, to specify csi-disk-ssd as the default storage class, edit your YAML file as follows:
                                                                                                                                  
-
                                                                                                                                  apiVersion: storage.k8s.io/v1
+
                                                                                                                                  Scenario 2: Specifying the Default StorageClass
                                                                                                                                  You can specify a StorageClass as the default class. In this way, any PVCs created without specifying StorageClassName will automatically use the default StorageClass.
                                                                                                                                  
+
                                                                                                                                  For example, to specify csi-disk-ssd as the default StorageClass, edit your YAML file as follows:
                                                                                                                                  
+
                                                                                                                                  apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-disk-ssd
   annotations:
-    storageclass.kubernetes.io/is-default-class: "true"   # Specifies the default storage class in a cluster. A cluster can have only one default storage class.
+    storageclass.kubernetes.io/is-default-class: "true"   # Specify the default StorageClass in a cluster. There can only be one default StorageClass per cluster.
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
   csi.storage.k8s.io/fstype: ext4
@@ -352,10 +387,8 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 allowVolumeExpansion: true
                                                                                                                                  
-
                                                                                                                                  Delete the created csi-disk-ssd disk, run the kubectl create command to create a csi-disk-ssd disk again, and then query the storage class. The following information is displayed.
                                                                                                                                  
-
                                                                                                                                  # kubectl delete sc csi-disk-ssd
-storageclass.storage.k8s.io "csi-disk-ssd" deleted
-# kubectl create -f ssd.yaml
+
                                                                                                                                  Run the kubectl create command to create a StorageClass and then check it.
                                                                                                                                  
+
                                                                                                                                  # kubectl create -f ssd.yaml
 storageclass.storage.k8s.io/csi-disk-ssd created
 # kubectl get sc
 NAME                     PROVISIONER                     AGE
@@ -367,53 +400,6 @@ csi-nas                  everest-csi-provisioner         17d
 csi-obs                  everest-csi-provisioner         17d
 csi-sfsturbo             everest-csi-provisioner         17d
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Verification
                                                                                                                                  • Use csi-disk-sas to create a PVC.
                                                                                                                                    apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name:  sas-disk
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: csi-disk-sas
                                                                                                                                    
-
                                                                                                                                    Create a storage class and view its details. As shown below, the object can be created and the value of STORAGECLASS is csi-disk-sas.
                                                                                                                                    
-
                                                                                                                                    # kubectl create -f sas-disk.yaml 
-persistentvolumeclaim/sas-disk created
-# kubectl get pvc
-NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
-sas-disk   Bound    pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            csi-disk-sas   24s
-# kubectl get pv
-NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
-pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            30s
                                                                                                                                    
-
                                                                                                                                    View the PVC details on the CCE console. On the PV details page, you can see that the disk type is high I/O.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  • If storageClassName is not specified, the default configuration is used, as shown below.
                                                                                                                                    apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name:  ssd-disk
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
                                                                                                                                    
-
                                                                                                                                    Create and view the storage resource. You can see that the storage class of PVC ssd-disk is csi-disk-ssd, indicating that csi-disk-ssd is used by default.
                                                                                                                                    
-
                                                                                                                                    # kubectl create -f ssd-disk.yaml 
-persistentvolumeclaim/ssd-disk created
-# kubectl get pvc
-NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
-sas-disk   Bound    pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            csi-disk-sas   16m
-ssd-disk   Bound    pvc-4d2b059c-0d6c-44af-9994-f74d01c78731   10Gi       RWO            csi-disk-ssd   10s
-# kubectl get pv
-NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                     STORAGECLASS   REASON   AGE
-pvc-4d2b059c-0d6c-44af-9994-f74d01c78731   10Gi       RWO            Delete           Bound       default/ssd-disk          csi-disk-ssd            15s
-pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            17m
                                                                                                                                    
-
                                                                                                                                    View the PVC details on the CCE console. On the PV details page, you can see that the disk type is ultra-high I/O.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  
-
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0381.html b/docs/cce/umn/cce_10_0381.html
index 16641bfdd..452726cbe 100644
--- a/docs/cce/umn/cce_10_0381.html
+++ b/docs/cce/umn/cce_10_0381.html
@@ -3,7 +3,7 @@
 
                                                                                                                                  Snapshots and Backups
                                                                                                                                  
 
                                                                                                                                  CCE works with EVS to support snapshots. A snapshot is a complete copy or image of EVS disk data at a certain point of time, which can be used for data DR.
                                                                                                                                  
 
                                                                                                                                  You can create snapshots to rapidly save the disk data at a certain point of time. In addition, you can use snapshots to create disks so that the created disks will contain the snapshot data in the beginning.
                                                                                                                                  
-
                                                                                                                                  Precautions
                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being checked or configured.
                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the FlexVolume storage class whose name is ssd, sas, or sata.
                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                  • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                  
+
                                                                                                                                  Precautions
                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (VBD or SCSI), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being checked or configured.
                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the FlexVolume storage class whose name is ssd, sas, or sata.
                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                  • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Application Scenarios
                                                                                                                                  The snapshot feature helps address your following needs:
                                                                                                                                  
 
                                                                                                                                  • Routine data backup
                                                                                                                                    You can create snapshots for EVS disks regularly and use snapshots to recover your data in case that data loss or data inconsistency occurred due to misoperations, viruses, or attacks.
                                                                                                                                    
@@ -21,9 +21,6 @@
 
                                                                                                                                    kind: VolumeSnapshot
 apiVersion: snapshot.storage.k8s.io/v1beta1
 metadata:
-  finalizers:
-    - snapshot.storage.kubernetes.io/volumesnapshot-as-source-protection
-    - snapshot.storage.kubernetes.io/volumesnapshot-bound-protection
   name: cce-disksnap-test   # Snapshot name
   namespace: default
 spec:
@@ -33,7 +30,7 @@ spec:
 
                                                                                                                                  
 
                                                                                                                                  Using a Snapshot to Create a PVC
                                                                                                                                  The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                                                                  
 
                                                                                                                                  Using the CCE console
                                                                                                                                  
-
                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                  2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                                                                  3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                                                                    • PVC Name: Enter a PVC name.
                                                                                                                                    • Resource Tag: Resource tags can be added to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                                      You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                      2. Click the cluster name to go to the cluster console. Choose Storage in the navigation pane. In the right pane, click the Snapshots and Backups tab.
                                                                                                                                      3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                                                                        • PVC Name: Enter a PVC name.
                                                                                                                                        • Resource Tag: Resource tags can be added to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                                          You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                          
 
                                                                                                                                          CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                      4. Click Create.
                                                                                                                                      
@@ -45,7 +42,7 @@ metadata:
   namespace: default
   annotations:
     everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the snapshot's source EVS disk.
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
     csi.storage.k8s.io/fstype: xfs    # (Optional) Configure this field when the snapshot file system is of the xfs type.
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Replace the region with the one where the EVS disk is located.
diff --git a/docs/cce/umn/cce_10_0382.html b/docs/cce/umn/cce_10_0382.html
index 126d0d37b..c42951362 100644
--- a/docs/cce/umn/cce_10_0382.html
+++ b/docs/cce/umn/cce_10_0382.html
@@ -4,13 +4,13 @@
 
                                                                                                                                      Scenario
                                                                                                                                      Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod access to prevent this problem.
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      Notes and Constraints
                                                                                                                                      The following shows constraints on setting the rate limiting for inter-pod access:
-
                                                                                                                                Application Scenario
                                                                                                                                
 
                                                                                                                                Solution
                                                                                                                                
+
                                                                                                                                Solution
                                                                                                                                
 
                                                                                                                                Procedure
                                                                                                                                
+
                                                                                                                                Procedure
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                When annotations is used to specify storage configuration, the configuration is complex. For example, the everest.io/disk-volume-type field is used to specify the EVS disk type.
                                                                                                                                
+
                                                                                                                                When annotations is used to specify storage configuration, the configuration is complex. For example, the everest.io/disk-volume-type field is used to specify the EVS disk type.
                                                                                                                                
 
                                                                                                                                Define PVC annotations in the parameters field of StorageClass. When compiling a YAML file, you only need to specify storageClassName.
                                                                                                                                
-
                                                                                                                                For example, you can define SAS EVS disk and SSD EVS disk as a storage class, respectively. If a storage class named csi-disk-sas is defined, it is used to create SAS storage.
                                                                                                                                
+
                                                                                                                                Define PVC annotations in the parameters field of StorageClass. When compiling a YAML file, you only need to specify StorageClassName.
                                                                                                                                
+
                                                                                                                                For example, you can define SAS EVS disk and SSD EVS disk as a StorageClass, respectively. If a StorageClass named csi-disk-sas is defined, it is used to create SAS storage.
                                                                                                                                
 
                                                                                                                                Custom Storage Class
                                                                                                                                
+
                                                                                                                                Scenario 1: Specifying the Disk Type in a StorageClass
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                When a user migrates services from a self-built Kubernetes cluster or other Kubernetes services to CCE, the storage class used in the original application YAML file is different from that used in CCE. As a result, a large number of YAML files or Helm chart packages need to be modified when the storage is used, which is complex and error-prone.
                                                                                                                                
+
                                                                                                                                When a user migrates services from an on-premises Kubernetes cluster or other Kubernetes services to CCE, the StorageClass used in the original application YAML file is different from that used in CCE. As a result, a large number of YAML files or Helm chart packages need to be modified when the storage is used, which is complex and error-prone.
                                                                                                                                
 
                                                                                                                                Create a storage class with the same name as that in the original application YAML file in the CCE cluster. After the migration, you do not need to modify the storageClassName in the application YAML file.
                                                                                                                                
-
                                                                                                                                For example, the EVS disk storage class used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk storage class in the CCE cluster, change its name to disk-standard, and create another storage class.
                                                                                                                                
+
                                                                                                                                Create a StorageClass with the same name as that in the original application YAML file in the CCE cluster. After the migration, you do not need to modify the StorageClassName in the application YAML file.
                                                                                                                                
+
                                                                                                                                For example, the EVS disk StorageClass used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk StorageClass in the CCE cluster, change its name to disk-standard, and create another StorageClass.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                storageClassName must be specified in the YAML file to use the storage. If not, the storage cannot be created.
                                                                                                                                
+
                                                                                                                                StorageClassName must be specified in the YAML file to use the storage. If not, the storage cannot be created.
                                                                                                                                
 
                                                                                                                                If you set the default StorageClass in the cluster, you can create storage without specifying the storageClassName in the YAML file.
                                                                                                                                
+
                                                                                                                                If you set the default StorageClass in the cluster, you can create storage without specifying the StorageClassName in the YAML file.
                                                                                                                                
 
                                                                                                                                Specifying a Default Storage Class
                                                                                                                                
+
                                                                                                                                Scenario 2: Specifying the Default StorageClass
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                Constraint Type
                                                                                                                                
+
                                                                                                                                
-
-
-
@@ -25,7 +25,7 @@
 
-
                                                                                                                                Constraint
                                                                                                                                
 
                                                                                                                                Tunnel network model
                                                                                                                                
+
                                                                                                                                Tunnel Network
                                                                                                                                
 
                                                                                                                                VPC network model
                                                                                                                                
+
                                                                                                                                VPC Network
                                                                                                                                
 
                                                                                                                                Cloud Native 2.0 Network Model
                                                                                                                                
+
                                                                                                                                Cloud Native 2.0 Network
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
                                                                                                                                Supported runtime types
                                                                                                                                
 
                                                                                                                                Only common containers
                                                                                                                                
+
                                                                                                                                Only regular containers (runC as the container runtime) are supported. Secure containers (Kata Containers as the container runtime) are not supported.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Supported pod types
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0384.html b/docs/cce/umn/cce_10_0384.html
index b42b25bd3..037e1c873 100644
--- a/docs/cce/umn/cce_10_0384.html
+++ b/docs/cce/umn/cce_10_0384.html
@@ -4,7 +4,7 @@
 
                                                                                                                                Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly and resources, if not released, are wasted in non-peak hours. Especially for online jobs that request a large quantity of resources to ensure SLA, resource utilization can be as low as it gets.
                                                                                                                                
 
                                                                                                                                Resource oversubscription is the process of making use of idle requested resources. Oversubscribed resources are suitable for deploying offline jobs, which focus on throughput but have low SLA requirements and can tolerate certain failures.
                                                                                                                                
 
                                                                                                                                Hybrid deployment of online and offline jobs in a cluster can better utilize cluster resources.
                                                                                                                                
-
                                                                                                                                Figure 1 Resource oversubscription
                                                                                                                                
+
                                                                                                                                Figure 1 Resource oversubscription
                                                                                                                                
 
                                                                                                                                Features
                                                                                                                                 
                                                                                                                                After dynamic resource oversubscription and elastic scaling are enabled in a node pool, oversubscribed resources change rapidly because the resource usage of high-priority applications changes in real time. To prevent frequent node scale-ins and scale-outs, do not consider oversubscribed resources when evaluating node scale-ins.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Hybrid deployment is supported, and CPU and memory resources can be oversubscribed. The key features are as follows:
                                                                                                                                
@@ -146,7 +146,7 @@ data:
 ...
 
                                                                                                                                
 
                                                                                                                              • Enable node oversubscription.
                                                                                                                                A label can be configured to use oversubscribed resources only after the oversubscription feature is enabled for a node. Related nodes can be created only in a node pool. To enable the oversubscription feature, perform the following steps:
                                                                                                                                
-
                                                                                                                                1. Create a node pool.
                                                                                                                                2. Choose Manage in the Operation column of the created node pool.
                                                                                                                                3. On the Manage Configurations page, enable Node oversubscription feature (over-subscription-resource) and click OK.
                                                                                                                                
+
                                                                                                                                1. Create a node pool.
                                                                                                                                2. Choose Manage in the Operation column of the created node pool.
                                                                                                                                3. On the Manage Components page, enable Node oversubscription feature (over-subscription-resource) and click OK.
                                                                                                                                
 
                                                                                                                              • Set the node oversubscription label.
                                                                                                                                The volcano.sh/oversubscription label needs to be configured for an oversubscribed node. If this label is set for a node and the value is true, the node is an oversubscribed node. Otherwise, the node is not an oversubscribed node.
                                                                                                                                
 
                                                                                                                                kubectl label node 192.168.0.0 volcano.sh/oversubscription=true
                                                                                                                                
 
                                                                                                                                An oversubscribed node also supports the oversubscription thresholds, as listed in Table 2. For example:
                                                                                                                                
@@ -219,7 +219,7 @@ preemptionPolicy: PreemptLowerPriority
 value: -90000
  
 EOF
-
                                                                                                                              • Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                                                                The volcano.sh/qos-level annotation needs to be added to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is an online job. You do not need to set this annotation for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano.
                                                                                                                                
+
                                                                                                                              • Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                                                                The volcano.sh/qos-level annotation needs to be added to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is an online job. You do not need to set this annotation for online jobs. For both online and offline jobs, set schedulerName to volcano to enable Volcano.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                The priorities between online jobs and between offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                For an offline job:
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0385.html b/docs/cce/umn/cce_10_0385.html
index f238a4def..16be739d1 100644
--- a/docs/cce/umn/cce_10_0385.html
+++ b/docs/cce/umn/cce_10_0385.html
@@ -1,8 +1,8 @@
 
 
-
                                                                                                                                Using Annotations to Balance Load
                                                                                                                                
+
                                                                                                                                Configuring LoadBalancer Services Using Annotations
                                                                                                                                
 
                                                                                                                                You can add annotations to a YAML file to use some CCE advanced functions. This section describes the available annotations when a LoadBalancer service is created.
                                                                                                                                
-
+
 
                                                                                                                                Interconnection with ELB
                                                                                                                                
 
                                                                                                                                
@@ -19,7 +19,7 @@
 
-
-
@@ -242,7 +242,7 @@ spec:
 
-
@@ -251,7 +251,7 @@ spec:
 
-
@@ -507,7 +507,7 @@ spec:
 
@@ -637,154 +637,206 @@ spec:
 
                                                                                                                                For details, see Configuring HTTP/2 for a LoadBalancer Service.
                                                                                                                                
-
                                                                                                                                Parameters for Automatically Creating a Load Balancer
                                                                                                                                
-
                                                                                                                                Table 1 Annotations for interconnecting with ELB
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Select a proper load balancer type.
                                                                                                                                
-
                                                                                                                                The value can be:
                                                                                                                                
+
                                                                                                                                Options:
                                                                                                                                
 
                                                                                                                                • union: shared load balancer
                                                                                                                                • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.9 or later
                                                                                                                                
@@ -42,12 +42,12 @@
 
                                                                                                                                
 
                                                                                                                                kubernetes.io/elb.autocreate
                                                                                                                                
 
                                                                                                                                Table 13
                                                                                                                                
+
                                                                                                                                Table 15
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Mandatory when load balancers are automatically created.
                                                                                                                                
-
                                                                                                                                Example:
                                                                                                                                
-
                                                                                                                                • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                  '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                  
-
                                                                                                                                • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                  {"type":"inner","name":"A-location-d-test"}
                                                                                                                                  
+
                                                                                                                                  Example
                                                                                                                                  
+
                                                                                                                                  • Automatically created shared load balancer with an EIP bound:
                                                                                                                                    '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                    
+
                                                                                                                                  • Automatically created shared load balancer with no EIP bound:
                                                                                                                                    {"type":"inner","name":"A-location-d-test"}
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                		
 
                                                                                                                                v1.9 or later
                                                                                                                                
@@ -188,7 +188,7 @@ spec:
 
                                                                                                                                
 
                                                                                                                                kubernetes.io/elb.session-affinity-option
                                                                                                                                
 
                                                                                                                                Table 16
                                                                                                                                
+
                                                                                                                                Table 18
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Sticky session timeout.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                kubernetes.io/elb.health-check-option
                                                                                                                                
 
                                                                                                                                Table 14
                                                                                                                                
+
                                                                                                                                Table 16
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                ELB health check configuration items.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                kubernetes.io/elb.health-check-options
                                                                                                                                
 
                                                                                                                                Table 15
                                                                                                                                
+
                                                                                                                                Table 17
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                ELB health check configuration items. Each Service port can be configured separately, and you can configure only some ports.
                                                                                                                                
 
                                                                                                                                 NOTE: 
                                                                                                                                Either kubernetes.io/elb.health-check-option or kubernetes.io/elb.health-check-options can be configured.
                                                                                                                                
@@ -318,7 +318,7 @@ spec:
 
                                                                                                                                String
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                ID of an ELB certificate, which is used as the HTTPS server certificate.
                                                                                                                                
-
                                                                                                                                To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                
+
                                                                                                                                To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16 or later
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                If the pod uses hostNetwork, the ELB forwards the request to the host network after this annotation is used.
                                                                                                                                
 
                                                                                                                                Options:
                                                                                                                                
-
                                                                                                                                • true: enabled
                                                                                                                                • false (default): disabled
                                                                                                                                
+
                                                                                                                                • true: enabled
                                                                                                                                • false (default): disabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.9 or later
                                                                                                                                
                                                                                                                                 		
 
 
                                                                                                                                Table 13 elb.autocreate data structure
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                Obtaining Client IP Addresses
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
+
+
+
                                                                                                                                Table 13 Annotations for obtaining client IP addresses
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
 
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Supported Cluster Version
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                name
                                                                                                                                
+
                                                                                                                                kubernetes.io/elb.transparent-client-ip
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                This parameter is available only when a shared load balancer is used to create a LoadBalancer Service that is TCP/UDP-compliant.
                                                                                                                                
+
                                                                                                                                • true: Enabling the function of obtaining the client source IP address.
                                                                                                                                • false: Disabling the function of obtaining the client source IP address.
                                                                                                                                
 
                                                                                                                                Name of the automatically created load balancer.
                                                                                                                                
+
                                                                                                                                v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                For details, see Enabling a LoadBalancer Service to Obtain the Client IP Address.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Configuring a Custom EIP
                                                                                                                                
+
                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                Table 14 Annotations of custom EIP configurations
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Supported Cluster Version
                                                                                                                                
+
                                                                                                                                kubernetes.io/elb.custom-eip-id
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                ID of the custom EIP, which can be seen on the EIP console
                                                                                                                                
+
                                                                                                                                The EIP must be bindable.
                                                                                                                                
+
                                                                                                                                v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, and later versions
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                For details, see Configuring a Custom EIP for a LoadBalancer Service.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Parameters for Automatically Creating a Load Balancer
                                                                                                                                
+
                                                                                                                                
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -806,63 +858,63 @@ spec:
 
                                                                                                                                Table 15 elb.autocreate data structure
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                name
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                Name of the automatically created load balancer.
                                                                                                                                
 
                                                                                                                                The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                
 
                                                                                                                                Default: cce-lb+service.UID
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                type
                                                                                                                                
+
                                                                                                                                type
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Network type of the load balancer.
                                                                                                                                
+
                                                                                                                                Network type of the load balancer.
                                                                                                                                
 
                                                                                                                                • public: public network load balancer
                                                                                                                                • inner: private network load balancer
                                                                                                                                
 
                                                                                                                                Default: inner
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                bandwidth_name
                                                                                                                                
+
                                                                                                                                bandwidth_name
                                                                                                                                
 
                                                                                                                                Yes for public network load balancers
                                                                                                                                
+
                                                                                                                                Yes for public network load balancers
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                
+
                                                                                                                                Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                
 
                                                                                                                                The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                bandwidth_chargemode
                                                                                                                                
+
                                                                                                                                bandwidth_chargemode
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Bandwidth mode.
                                                                                                                                
+
                                                                                                                                Bandwidth mode.
                                                                                                                                
 
                                                                                                                                • traffic: billed by traffic
                                                                                                                                
 
                                                                                                                                Default: traffic
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                bandwidth_size
                                                                                                                                
+
                                                                                                                                bandwidth_size
                                                                                                                                
 
                                                                                                                                Yes for public network load balancers
                                                                                                                                
+
                                                                                                                                Yes for public network load balancers
                                                                                                                                
 
                                                                                                                                Integer
                                                                                                                                
+
                                                                                                                                Integer
                                                                                                                                
 
                                                                                                                                Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                
+
                                                                                                                                Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                
 
                                                                                                                                The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                
 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                bandwidth_sharetype
                                                                                                                                
+
                                                                                                                                bandwidth_sharetype
                                                                                                                                
 
                                                                                                                                Yes for public network load balancers
                                                                                                                                
+
                                                                                                                                Yes for public network load balancers
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Bandwidth sharing mode.
                                                                                                                                
+
                                                                                                                                Bandwidth sharing mode.
                                                                                                                                
 
                                                                                                                                • PER: dedicated bandwidth
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                eip_type
                                                                                                                                
+
                                                                                                                                eip_type
                                                                                                                                
 
                                                                                                                                Yes for public network load balancers
                                                                                                                                
+
                                                                                                                                Yes for public network load balancers
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                EIP type.
                                                                                                                                
+
                                                                                                                                EIP type.
                                                                                                                                
 
                                                                                                                                • 5_bgp: dynamic BGP
                                                                                                                                
 
                                                                                                                                The specific type varies with regions. For details, see the EIP console.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                vip_subnet_cidr_id
                                                                                                                                
+
                                                                                                                                vip_subnet_cidr_id
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                
+
                                                                                                                                Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                
 
                                                                                                                                If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                                
 
                                                                                                                                This field can be specified only for clusters of v1.21 or later.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                vip_address
                                                                                                                                
+
                                                                                                                                vip_address
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                
+
                                                                                                                                Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                
 
                                                                                                                                The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                                
 
                                                                                                                                This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                available_zone
                                                                                                                                
+
                                                                                                                                available_zone
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                Array of strings
                                                                                                                                
+
                                                                                                                                Array of strings
                                                                                                                                
 
                                                                                                                                AZ where the load balancer is located.
                                                                                                                                
+
                                                                                                                                AZ where the load balancer is located.
                                                                                                                                
 
                                                                                                                                You can obtain all supported AZs by getting the AZ list.
                                                                                                                                
 
                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                l4_flavor_name
                                                                                                                                
+
                                                                                                                                l4_flavor_name
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Flavor name of the layer-4 load balancer.
                                                                                                                                
+
                                                                                                                                Flavor name of the layer-4 load balancer.
                                                                                                                                
 
                                                                                                                                You can obtain all supported types by getting the flavor list.
                                                                                                                                
 
                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                l7_flavor_name
                                                                                                                                
+
                                                                                                                                l7_flavor_name
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Flavor name of the layer-7 load balancer.
                                                                                                                                
+
                                                                                                                                Flavor name of the layer-7 load balancer.
                                                                                                                                
 
                                                                                                                                You can obtain all supported types by getting the flavor list.
                                                                                                                                
 
                                                                                                                                This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                elb_virsubnet_ids
                                                                                                                                
+
                                                                                                                                elb_virsubnet_ids
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                Array of strings
                                                                                                                                
+
                                                                                                                                Array of strings
                                                                                                                                
 
                                                                                                                                Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                
+
                                                                                                                                Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                
 
                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                
 
                                                                                                                                Example:
                                                                                                                                
 
                                                                                                                                "elb_virsubnet_ids": [
@@ -792,13 +844,13 @@ spec:
  ]
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                ipv6_vip_virsubnet_id
                                                                                                                                
+
                                                                                                                                ipv6_vip_virsubnet_id
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                
+
                                                                                                                                ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                
 
                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 14 elb.health-check-option data structure
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -871,84 +923,84 @@ spec:
 
                                                                                                                                Table 16 elb.health-check-option data structure
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Mandatory
                                                                                                                                
 
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                delay
                                                                                                                                
+
                                                                                                                                delay
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check interval (s)
                                                                                                                                
+
                                                                                                                                Health check interval (s)
                                                                                                                                
 
                                                                                                                                Value range: 1 to 50. Default value: 5
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                timeout
                                                                                                                                
+
                                                                                                                                timeout
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check timeout, in seconds.
                                                                                                                                
+
                                                                                                                                Health check timeout, in seconds.
                                                                                                                                
 
                                                                                                                                Value range: 1 to 50. Default value: 10
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                max_retries
                                                                                                                                
+
                                                                                                                                max_retries
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Maximum number of health check retries.
                                                                                                                                
+
                                                                                                                                Maximum number of health check retries.
                                                                                                                                
 
                                                                                                                                Value range: 1 to 10. Default value: 3
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                protocol
                                                                                                                                
+
                                                                                                                                protocol
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check protocol.
                                                                                                                                
+
                                                                                                                                Health check protocol.
                                                                                                                                
 
                                                                                                                                Value options: TCP or HTTP
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                path
                                                                                                                                
+
                                                                                                                                path
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                
+
                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                
 
                                                                                                                                Default value: /
                                                                                                                                
 
                                                                                                                                Value range: 1-80 characters
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 15 elb.health-check-options
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -957,23 +1009,23 @@ spec:
 
                                                                                                                                Table 17 elb.health-check-options
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Mandatory
                                                                                                                                
 
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                target_service_port
                                                                                                                                
+
                                                                                                                                target_service_port
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                
+
                                                                                                                                Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                monitor_port
                                                                                                                                
+
                                                                                                                                monitor_port
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                
+
                                                                                                                                Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                
 
                                                                                                                                 NOTE: 
                                                                                                                                Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                                                
 
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                delay
                                                                                                                                
+
                                                                                                                                delay
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check interval (s)
                                                                                                                                
+
                                                                                                                                Health check interval (s)
                                                                                                                                
 
                                                                                                                                Value range: 1 to 50. Default value: 5
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                timeout
                                                                                                                                
+
                                                                                                                                timeout
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check timeout, in seconds.
                                                                                                                                
+
                                                                                                                                Health check timeout, in seconds.
                                                                                                                                
 
                                                                                                                                Value range: 1 to 50. Default value: 10
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                max_retries
                                                                                                                                
+
                                                                                                                                max_retries
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Maximum number of health check retries.
                                                                                                                                
+
                                                                                                                                Maximum number of health check retries.
                                                                                                                                
 
                                                                                                                                Value range: 1 to 10. Default value: 3
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                protocol
                                                                                                                                
+
                                                                                                                                protocol
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check protocol.
                                                                                                                                
+
                                                                                                                                Health check protocol.
                                                                                                                                
 
                                                                                                                                Default value: protocol of the associated Service
                                                                                                                                
 
                                                                                                                                Value options: TCP, UDP, or HTTP
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                path
                                                                                                                                
+
                                                                                                                                path
                                                                                                                                
 
                                                                                                                                No
                                                                                                                                
+
                                                                                                                                No
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                
+
                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                
 
                                                                                                                                Default value: /
                                                                                                                                
 
                                                                                                                                Value range: 1-80 characters
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 16 elb.session-affinity-option data structure
                                                                                                                                Parameter
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0386.html b/docs/cce/umn/cce_10_0386.html
index c2a005c52..f915fc0ee 100644
--- a/docs/cce/umn/cce_10_0386.html
+++ b/docs/cce/umn/cce_10_0386.html
@@ -100,8 +100,8 @@ spec:
       ...
                                                                                                                                You can also add other labels to the pod for affinity and anti-affinity scheduling. In the following figure, three pod labels (release, env, and role) are defined for workload APP 1, APP 2, and APP 3. The values of these labels vary with workload.
                                                                                                                                • APP 1: [release:alpha;env:development;role:frontend]
                                                                                                                                • APP 2: [release:beta;env:testing;role:frontend]
                                                                                                                                • APP 3: [release:alpha;env:production;role:backend]
                                                                                                                                
-
                                                                                                                                Figure 1 Label example
                                                                                                                                
-
                                                                                                                                For example, if key/value is set to role/backend, APP 3 will be selected for affinity scheduling. For details, see Workload Affinity (podAffinity).
                                                                                                                                
+
                                                                                                                                Figure 1 Label example
                                                                                                                                
+
                                                                                                                                For example, if key/value is set to role/backend, APP 3 will be selected for affinity scheduling. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0388.html b/docs/cce/umn/cce_10_0388.html
index faffb495d..19879f56e 100644
--- a/docs/cce/umn/cce_10_0388.html
+++ b/docs/cce/umn/cce_10_0388.html
@@ -22,7 +22,7 @@ spec:
         memory: 200Mi
   imagePullSecrets:
   - name: default-secret
-
                                                                                                                                The data of default-secret is updated periodically, and the current data will expire after a certain period of time. You can run the describe command to view the expiration time in of default-secret.
                                                                                                                                
+
                                                                                                                                The data of default-secret is updated periodically, and the current data will expire after a certain period of time. You can run the describe command to view the expiration time in default-secret.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                Use default-secret directly instead of copying the secret content to create a new one. The credential in the copied secret will expire and the image cannot be pulled.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                $ kubectl describe secret default-secret
@@ -37,8 +37,8 @@ Data
 ====
 .dockerconfigjson:  347 bytes
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                paas.elb
                                                                                                                                The data of paas.elb is the temporary AK/SK data, which is used to create ELB load balancers during Service and ingress creation. The data of paas.elb is periodically updated and expires after a certain period of time.
                                                                                                                                
-
                                                                                                                                In practice, you will not directly use paas.elb. However, do not delete it. Otherwise, ELB load balancers will fail to be created.
                                                                                                                                
+
                                                                                                                                paas.elb
                                                                                                                                The paas.elb data stores a temporary AK/SK that is used when a node is created or a load balancer is automatically created. The paas.elb data is updated periodically and has a specific time limit before it expires.
                                                                                                                                
+
                                                                                                                                In practice, you will not directly use paas.elb. Do not delete it, as doing so will result in the failure of creating a node or load balancer. will fail.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                default-token-xxxxx
                                                                                                                                By default, Kubernetes creates a service account named default for each namespace. default-token-xxxxx is the key of the service account, and xxxxx is a random number.
                                                                                                                                
 
                                                                                                                                $ kubectl get sa
diff --git a/docs/cce/umn/cce_10_0390.html b/docs/cce/umn/cce_10_0390.html
index d6ab0603f..0d9556d09 100644
--- a/docs/cce/umn/cce_10_0390.html
+++ b/docs/cce/umn/cce_10_0390.html
@@ -1,18 +1,19 @@
 
 
-
                                                                                                                                Creating Nginx Ingresses on the Console
                                                                                                                                
-
                                                                                                                                Prerequisites
                                                                                                                                • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                • A ClusterIP or NodePort Service has been configured for the workload. For details about how to configure the Service, see ClusterIP or NodePort.
                                                                                                                                • To add Nginx Ingress, ensure that the Nginx Ingress Controller add-on has been installed in the cluster. For details, see Installing the Add-on.
                                                                                                                                
+
                                                                                                                                Creating an Nginx Ingress on the Console
                                                                                                                                
+
                                                                                                                                In Kubernetes, an ingress is a resource object that controls how Services within a cluster can be accessed from outside the cluster. You can use ingresses to configure different forwarding rules to access pods in a cluster. The following uses an Nginx workload as an example to describe how to create an Nginx ingress on the console.
                                                                                                                                
+
                                                                                                                                Prerequisites
                                                                                                                                • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                • A ClusterIP or NodePort Service has been configured for the workload. For details about how to configure the Service, see ClusterIP or NodePort.
                                                                                                                                • To add Nginx Ingress, ensure that the NGINX Ingress Controller add-on has been installed in the cluster. For details, see Installing the Add-on.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                • It is not recommended modifying any configuration of a load balancer on the ELB console. Otherwise, the Service will be abnormal. If you have modified the configuration, uninstall the nginx-ingress add-on and reinstall it.
                                                                                                                                • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                                                • The selected or created load balancer must be in the same VPC as the current cluster, and it must match the load balancer type (private or public network).
                                                                                                                                • The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Creating an Nginx Ingress
                                                                                                                                This section uses an Nginx workload as an example to describe how to create an Nginx ingress.
                                                                                                                                
-
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                3. Configure ingress parameters.
                                                                                                                                  • Name: Customize the name of an ingress, for example, nginx-ingress-demo.
                                                                                                                                  • Namespace: Select the namespace to which the ingress is to be added.
                                                                                                                                  • nginx-ingress: This option is displayed only after the NGINX Ingress Controller add-on is installed in the cluster.
                                                                                                                                    • Ingress Class: Select the name of the Nginx Ingress controller installed in the cluster. You can install multiple Nginx Ingress controllers and customize controller names as needed.
                                                                                                                                    • External Protocol: The options are HTTP and HTTPS. The default number of the listening port reserved when Nginx Ingress Controller is installed is 80 for HTTP and 443 for HTTPS. To use HTTPS, configure a certificate.
                                                                                                                                    • Certificate Source: source of a certificate for encrypting and authenticating HTTPS data transmission.
                                                                                                                                      • If you select a TLS key, you must create a key certificate of the IngressTLS or kubernetes.io/tls type beforehand. For details, see Creating a Secret.
                                                                                                                                      • If you select the default certificate, Nginx Ingress Controller will use its default certificate for encryption and authentication. You can configure the default certificate during NGINX Ingress Controller installation. If the default certificate is not configured, the certificate provided by Nginx Ingress Controller will be used.
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                      2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                      3. Configure ingress parameters.
                                                                                                                                        • Name: Customize the name of an ingress, for example, nginx-ingress-demo.
                                                                                                                                        • Namespace: Select the namespace to which the ingress is to be added.
                                                                                                                                        • nginx-ingress: This option is displayed only after the NGINX Ingress Controller add-on is installed in the cluster.
                                                                                                                                          • Ingress Class: Select the name of the Nginx Ingress controller installed in the cluster. You can install multiple Nginx Ingress controllers and customize controller names as needed.
                                                                                                                                          • External Protocol: The options are HTTP and HTTPS. The default number of the listening port reserved when NGINX Ingress Controller is installed is 80 for HTTP and 443 for HTTPS. To use HTTPS, configure a certificate.
                                                                                                                                          • Certificate Source: source of a certificate for encrypting and authenticating HTTPS data transmission.
                                                                                                                                            • If you select a TLS key, you must create a key certificate of the IngressTLS or kubernetes.io/tls type beforehand. For details, see Creating a Secret.
                                                                                                                                            • If you select the default certificate, NGINX Ingress Controller will use its default certificate for encryption and authentication. You can configure the default certificate during NGINX Ingress Controller installation. If the default certificate is not configured, the certificate provided by NGINX Ingress Controller will be used.
                                                                                                                                            
 
                                                                                                                                          • SNI: stands for Server Name Indication (SNI), which is an extended protocol of TLS. SNI allows multiple TLS-compliant domain names for external access using the same IP address and port number, and different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                                                                          
-
                                                                                                                                        • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL), the request is forwarded to the corresponding target Service for processing. Click Add Forwarding Policies to add multiple forwarding policies.
                                                                                                                                          • Domain Name: actual domain name. Ensure that the entered domain name has been registered and archived. After the ingress is created, bind the domain name to the IP address of the automatically created load balancer (IP address of the ingress access address). If a domain name rule is configured, the domain name must always be used for access.
                                                                                                                                          • Path Matching Rule:
                                                                                                                                            • Default: Prefix match is used by default.
                                                                                                                                            • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                                                                                            • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                                            
-
                                                                                                                                          • Path: access path to be registered, for example, /healthz.
                                                                                                                                             
                                                                                                                                            • The access path matching rule of Nginx Ingress is based on the path prefix separated by the slash (/) and is case-sensitive. If the subpath separated by a slash (/) matches the prefix, the access is normal. However, if the prefix is only a part of the character string in the subpath, the access is not matched. For example, if the URL is set to /healthz, /healthz/v1 is matched, but /healthzv1 is not matched.
                                                                                                                                            • The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                                              For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                                              
+
                                                                                                                                            • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL), the request is forwarded to the corresponding target Service for processing. Click Add Forwarding Policies to add multiple forwarding policies.
                                                                                                                                              • Domain Name: actual domain name. Ensure that the entered domain name has been registered and archived. After the ingress is created, bind the domain name to the IP address of the automatically created load balancer (IP address of the ingress access address). If a domain name rule is configured, the domain name must always be used for access.
                                                                                                                                              • Path Matching Rule:
                                                                                                                                                • Default: Prefix match is used by default.
                                                                                                                                                • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed, for example, /healthz/v1 and /healthz/v2.
                                                                                                                                                • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                                                
+
                                                                                                                                              • Path: access path, for example, /healthz
                                                                                                                                                 
                                                                                                                                                • The access path matching rule of Nginx Ingress is based on the path prefix separated by the slash (/) and is case-sensitive. If the subpath separated by a slash (/) matches the prefix, the access is normal. However, if the prefix is only a part of the character string in the subpath, the access is not matched. For example, if the URL is set to /healthz, /healthz/v1 is matched, but /healthzv1 is not matched.
                                                                                                                                                • The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                                                  For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                              • Destination Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
                                                                                                                                              • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                              • Operation: Click Delete to delete the configuration.
                                                                                                                                              
+
                                                                                                                                            • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                            • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                            • Operation: Click Delete to delete the configuration.
                                                                                                                                            
 
                                                                                                                                          • Annotation: The value is in the format of key:value. You can use annotations to query the configurations supported by nginx-ingress.
                                                                                                                                          
 
                                                                                                                                        • Click OK.
                                                                                                                                          After the ingress is created, it is displayed in the ingress list.
                                                                                                                                          
 
                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0391.html b/docs/cce/umn/cce_10_0391.html
index 3c2a921f0..47d2f1e63 100644
--- a/docs/cce/umn/cce_10_0391.html
+++ b/docs/cce/umn/cce_10_0391.html
@@ -1,8 +1,7 @@
 
 
 
                                                                                                                                      Local PVs
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                      
+
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                        
 
                                                                                                                                      • Overview
                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0400.html b/docs/cce/umn/cce_10_0400.html
index efed4d98b..a0cf43835 100644
--- a/docs/cce/umn/cce_10_0400.html
+++ b/docs/cce/umn/cce_10_0400.html
@@ -4,12 +4,12 @@
 
                                                                                                                                        Containers can access the Internet in either of the following ways:
                                                                                                                                        
 
                                                                                                                                        • Bind an EIP to the node where the container is located if the network model is VPC or tunnel.
                                                                                                                                        • Bind an EIP to the pod. (This function applies only to Cloud Native 2.0 clusters. To do so, manually bind an EIP to the ENI or sub-ENI of the pod on the VPC console. This method is not recommended because the IP address of a pod changes after the pod is rescheduled. As a result, the new pod cannot access the Internet.)
                                                                                                                                        • Configure SNAT rules through NAT Gateway.
                                                                                                                                        
 
                                                                                                                                        You can use NAT Gateway to enable container pods in a VPC to access the Internet. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the container pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.
                                                                                                                                        
-
                                                                                                                                        Figure 1 SNAT
                                                                                                                                        
+
                                                                                                                                        Figure 1 SNAT
                                                                                                                                        
 
                                                                                                                                        To enable a container to access the Internet, perform the following steps:
                                                                                                                                        
-
                                                                                                                                        1. Obtain an EIP. 
                                                                                                                                          1. Log in to the management console.
                                                                                                                                          2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                          3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                                                          4. On the EIPs page, click Assign EIP.
                                                                                                                                          5. Configure parameters as required.
                                                                                                                                             
                                                                                                                                            Set Region to the region where container pods are located.
                                                                                                                                            
+
                                                                                                                                            1. Obtain an EIP. 
                                                                                                                                              1. Log in to the management console.
                                                                                                                                              2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                              3. Click  in the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                                                              4. On the EIPs page, click Assign EIP.
                                                                                                                                              5. Configure parameters as required.
                                                                                                                                                 
                                                                                                                                                Set Region to the region where container pods are located.
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                              
-
                                                                                                                                            2. Create a NAT gateway.
                                                                                                                                              1. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                              2. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                                                                              3. Configure parameters as required.
                                                                                                                                                 
                                                                                                                                                Select the same VPC.
                                                                                                                                                
+
                                                                                                                                              4. Create a NAT gateway. 
                                                                                                                                                1. Click  in the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                                2. On the Public Network Gateways page, click Create Public NAT Gateway in the upper right corner.
                                                                                                                                                3. Configure parameters as required.
                                                                                                                                                   
                                                                                                                                                  Select the same VPC.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                              5. Configure an SNAT rule and bind the EIP to the subnet. 
                                                                                                                                                1. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                                                                2. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                                                                3. Set parameters as required.
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0402.html b/docs/cce/umn/cce_10_0402.html
index cc536d2d5..1edfdfe5a 100644
--- a/docs/cce/umn/cce_10_0402.html
+++ b/docs/cce/umn/cce_10_0402.html
@@ -29,7 +29,7 @@ spec:
 NAME                    READY   STATUS    RESTARTS   AGE     IP          NODE        NOMINATED NODE   READINESS GATES
 nginx-6fdf99c8b-6wwft   1/1     Running   0          3m41s   10.1.0.55   10.1.0.55   <none>           <none>
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Precautions
                                                                                                                                If a pod uses the host network, it occupies a host port. The pod IP is the host IP. To use the host network, you must confirm pods do not conflict with each other in terms of the host ports they occupy. Do not use the host network unless a specific application must use a specific port on the host.
                                                                                                                                
+
                                                                                                                                Precautions
                                                                                                                                When a pod uses a host network, it uses a host port and its IP address is the same as the host's IP address. Before using a host network, verify that the pod port does not conflict with any service port on the host. Use a host network only if a workload pod must access a specific host port.
                                                                                                                                
 
                                                                                                                                When using the host network, you access a pod on a node through a node port. Therefore, allow access from the security group port of the node. Otherwise, the access fails.
                                                                                                                                
 
                                                                                                                                In addition, using the host network requires you to reserve host ports for the pods. When using a Deployment to deploy pods of the hostNetwork type, ensure that the number of pods does not exceed the number of nodes. Otherwise, multiple pods will be scheduled onto the node, and they will fail to start due to port conflicts. For example, in the preceding example nginx YAML, if two pods (setting replicas to 2) are deployed in a cluster with only one node, one pod cannot be created. The pod logs will show that the Nginx cannot be started because the port is occupied.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                Do not schedule multiple pods that use the host network on the same node. Otherwise, when a ClusterIP Service is created to access a pod, the cluster IP address cannot be accessed.
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0403.html b/docs/cce/umn/cce_10_0403.html
index 9aeb5a19d..688bd128b 100644
--- a/docs/cce/umn/cce_10_0403.html
+++ b/docs/cce/umn/cce_10_0403.html
@@ -5,7 +5,7 @@
 
                                                                                                                                
 
                                                                                                                                Notes and Constraints
                                                                                                                                • A cluster that has only one master node supports fewer than 1000 worker nodes.
                                                                                                                                • The number of master nodes cannot be changed when you modify cluster specifications.
                                                                                                                                • A cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                                                                • To ensure proper cluster functionality, perform any specifications changes during off-peak hours. This is because master nodes will need to be powered off and on, which can disrupt normal operations.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Procedure
                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                2. Locate the cluster whose specifications need to be modified, click ... to view more operations on the cluster, and choose Modify Specifications.
                                                                                                                                3. On the page displayed, select a new cluster scale.
                                                                                                                                4. Click Next to confirm the specifications and click OK.
                                                                                                                                  You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                                                  
+
                                                                                                                                  Procedure
                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                  2. Locate the cluster whose specifications need to be modified, click ... to view more operations on the cluster, and choose Modify Specifications.
                                                                                                                                  3. On the page displayed, select a new cluster scale.
                                                                                                                                  4. Click Next to confirm the specifications and click OK.
                                                                                                                                    You can click Operation Records in the upper right corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                                                    
 
                                                                                                                                     
                                                                                                                                    After the cluster scale is changed to 1000 nodes or more, some parameter values of the cluster will be automatically adjusted to ensure the cluster performance. For details, see Modifying Cluster Configurations.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0405.html b/docs/cce/umn/cce_10_0405.html
index 9df637e45..8209815f2 100644
--- a/docs/cce/umn/cce_10_0405.html
+++ b/docs/cce/umn/cce_10_0405.html
@@ -1,39 +1,101 @@
 
 
 
                                                                                                                                  Patch Version Release Notes
                                                                                                                                  
-
                                                                                                                                  Version 1.29
                                                                                                                                  
-
                                                                                                                                Table 18 elb.session-affinity-option data structure
                                                                                                                                Parameter
                                                                                                                                
 
                                                                                                                                Mandatory
                                                                                                                                
+
                                                                                                                                Mandatory
                                                                                                                                
 
                                                                                                                                Type
                                                                                                                                
+
                                                                                                                                Type
                                                                                                                                
 
                                                                                                                                Description
                                                                                                                                
+
                                                                                                                                Description
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                persistence_timeout
                                                                                                                                
+
                                                                                                                                persistence_timeout
                                                                                                                                
 
                                                                                                                                Yes
                                                                                                                                
+
                                                                                                                                Yes
                                                                                                                                
 
                                                                                                                                String
                                                                                                                                
+
                                                                                                                                String
                                                                                                                                
 
                                                                                                                                Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                                
+
                                                                                                                                Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                                
 
                                                                                                                                Value range: 1 to 60. Default value: 60
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
 
 
 
 
                                                                                                                                Table 1 Release notes for the v1.29 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                Version 1.30
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
                                                                                                                                Table 1 Release notes for the v1.30 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.29.2-r0
                                                                                                                                
+
                                                                                                                                v1.30.4-r0
                                                                                                                                
 
                                                                                                                                v1.29.3
                                                                                                                                
+
                                                                                                                                v1.30.4
                                                                                                                                
 
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
 
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.29.1-r0
                                                                                                                                
+
                                                                                                                                v1.30.1-r2
                                                                                                                                
 
                                                                                                                                v1.29.1
                                                                                                                                
+
                                                                                                                                v1.30.2
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                Enhanced system stability.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.30.1-r0
                                                                                                                                
+
                                                                                                                                v1.30.2
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes.
                                                                                                                                
+
                                                                                                                                • When deleting a cluster, CCE enables you to select which log groups to delete.
                                                                                                                                • When a node is created using a private image, the image password can be retained.
                                                                                                                                • CCE supports GPU rendering.
                                                                                                                                
+
                                                                                                                                CCE can handle ELB listeners on all ports.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Version 1.29
                                                                                                                                
+
                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -41,73 +103,84 @@
 
                                                                                                                                Version 1.28
                                                                                                                                
-
                                                                                                                                Table 2 Release notes for the v1.29 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                v1.29.8-r0
                                                                                                                                
+
                                                                                                                                v1.29.8
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.29.2-r0
                                                                                                                                
+
                                                                                                                                v1.29.3
                                                                                                                                
+
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.29.1-r0
                                                                                                                                
+
                                                                                                                                v1.29.1
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                Table 2 Release notes for the v1.28 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -118,84 +191,95 @@
 
                                                                                                                                Version 1.27
                                                                                                                                 
                                                                                                                                dockershim has been removed since Kubernetes v1.24, and Docker is not supported in v1.24 and later versions by default. Use containerd. 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 3 Release notes for the v1.28 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.28.6-r0
                                                                                                                                
+
                                                                                                                                v1.28.13-r0
                                                                                                                                
 
                                                                                                                                v1.28.8
                                                                                                                                
+
                                                                                                                                v1.28.13
                                                                                                                                
 
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
 
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.28.3-r0
                                                                                                                                
+
                                                                                                                                v1.28.6-r0
                                                                                                                                
 
                                                                                                                                v1.28.3
                                                                                                                                
+
                                                                                                                                v1.28.8
                                                                                                                                
 
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
+
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.28.3-r0
                                                                                                                                
+
                                                                                                                                v1.28.3
                                                                                                                                
+
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.28.2-r0
                                                                                                                                
+
                                                                                                                                v1.28.2-r0
                                                                                                                                
 
                                                                                                                                v1.28.3
                                                                                                                                
+
                                                                                                                                v1.28.3
                                                                                                                                
 
                                                                                                                                • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                                                                
+
                                                                                                                                • You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.28.1-r4
                                                                                                                                
+
                                                                                                                                v1.28.1-r4
                                                                                                                                
 
                                                                                                                                v1.28.3
                                                                                                                                
+
                                                                                                                                v1.28.3
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.28.1-r0
                                                                                                                                
+
                                                                                                                                v1.28.1-r0
                                                                                                                                
 
                                                                                                                                v1.28.3
                                                                                                                                
+
                                                                                                                                v1.28.3
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes.
                                                                                                                                
 
                                                                                                                                • The prefix and suffix of a node name can be customized in node pools.
                                                                                                                                • In CCE Turbo clusters, you can create container networks for workloads and specify pod subnets.
                                                                                                                                • LoadBalancer ingresses support gRPC.
                                                                                                                                • LoadBalancer Services allow you to specify a private IP address for a load balancer during Service creation using YAML.
                                                                                                                                
 
                                                                                                                                • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
                                                                                                                                • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                                                                
+
                                                                                                                                • Accelerated the startup speed for creating a large number of Kata containers in a CCE Turbo cluster.
                                                                                                                                • Improved the stability when Kata containers are repeatedly created or deleted in a CCE Turbo cluster.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Table 3 Release notes for the v1.27 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -205,116 +289,127 @@
 
                                                                                                                                Version 1.25
                                                                                                                                 
                                                                                                                                All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Table 4 Release notes for the v1.27 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.27.8-r0
                                                                                                                                
+
                                                                                                                                v1.27.16-r0
                                                                                                                                
 
                                                                                                                                v1.27.12
                                                                                                                                
+
                                                                                                                                v1.27.16
                                                                                                                                
 
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
 
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.27.5-r0
                                                                                                                                
+
                                                                                                                                v1.27.8-r0
                                                                                                                                
 
                                                                                                                                v1.27.4
                                                                                                                                
+
                                                                                                                                v1.27.12
                                                                                                                                
 
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
+
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.27.5-r0
                                                                                                                                
+
                                                                                                                                v1.27.4
                                                                                                                                
+
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.27.3-r4
                                                                                                                                
+
                                                                                                                                v1.27.3-r4
                                                                                                                                
 
                                                                                                                                v1.27.4
                                                                                                                                
+
                                                                                                                                v1.27.4
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.27.2-r0
                                                                                                                                
+
                                                                                                                                v1.27.2-r0
                                                                                                                                
 
                                                                                                                                v1.27.2
                                                                                                                                
+
                                                                                                                                v1.27.2
                                                                                                                                
 
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
+
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.27.1-r10
                                                                                                                                
+
                                                                                                                                v1.27.1-r10
                                                                                                                                
 
                                                                                                                                v1.27.2
                                                                                                                                
+
                                                                                                                                v1.27.2
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
+
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.27.1-r0
                                                                                                                                
+
                                                                                                                                v1.27.1-r0
                                                                                                                                
 
                                                                                                                                v1.27.2
                                                                                                                                
+
                                                                                                                                v1.27.2
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes.
                                                                                                                                
 
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                Table 4 Release notes for the v1.25 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -322,128 +417,139 @@
 
                                                                                                                                Version 1.23
                                                                                                                                
-
                                                                                                                                Table 5 Release notes for the v1.25 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.25.11-r0
                                                                                                                                
+
                                                                                                                                v1.25.16-r0
                                                                                                                                
 
                                                                                                                                v1.25.16
                                                                                                                                
+
                                                                                                                                v1.25.16
                                                                                                                                
 
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
 
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.8-r0
                                                                                                                                
+
                                                                                                                                v1.25.11-r0
                                                                                                                                
 
                                                                                                                                v1.25.10
                                                                                                                                
+
                                                                                                                                v1.25.16
                                                                                                                                
 
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
+
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.25.8-r0
                                                                                                                                
+
                                                                                                                                v1.25.10
                                                                                                                                
+
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.6-r4
                                                                                                                                
+
                                                                                                                                v1.25.6-r4
                                                                                                                                
 
                                                                                                                                v1.25.10
                                                                                                                                
+
                                                                                                                                v1.25.10
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.5-r0
                                                                                                                                
+
                                                                                                                                v1.25.5-r0
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
+
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.4-r10
                                                                                                                                
+
                                                                                                                                v1.25.4-r10
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
+
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.4-r0
                                                                                                                                
+
                                                                                                                                v1.25.4-r0
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
+
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.3-r10
                                                                                                                                
+
                                                                                                                                v1.25.3-r10
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
+
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
 
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
+
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.3-r0
                                                                                                                                
+
                                                                                                                                v1.25.3-r0
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                                                                
+
                                                                                                                                Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.25.1-r0
                                                                                                                                
+
                                                                                                                                v1.25.1-r0
                                                                                                                                
 
                                                                                                                                v1.25.5
                                                                                                                                
+
                                                                                                                                v1.25.5
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                Table 5 Release notes for the v1.23 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -451,116 +557,116 @@
 
                                                                                                                                Version 1.21
                                                                                                                                
-
                                                                                                                                Table 6 Release notes for the v1.23 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.23.16-r0
                                                                                                                                
+
                                                                                                                                v1.23.18-r10
                                                                                                                                
 
                                                                                                                                v1.23.17
                                                                                                                                
+
                                                                                                                                v1.23.18
                                                                                                                                
 
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.
                                                                                                                                
 
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                • You can change a node password when updating its node pool.
                                                                                                                                • A node can be attached with no data disks.
                                                                                                                                • When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests.
                                                                                                                                • The default image address can be customized for Docker node pools.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.13-r0
                                                                                                                                
+
                                                                                                                                v1.23.16-r0
                                                                                                                                
 
                                                                                                                                v1.23.17
                                                                                                                                
+
                                                                                                                                v1.23.17
                                                                                                                                
 
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
+
                                                                                                                                • CCE ingresses support traffic distribution based on custom HTTP headers.
                                                                                                                                • Scaling priority policies can be configured for third-party workloads.
                                                                                                                                • You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters.
                                                                                                                                • You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.
                                                                                                                                
+
                                                                                                                                • An in-progress node drainage can be canceled.
                                                                                                                                • When updating a node pool, you can change its agency name, prefix, and suffix.
                                                                                                                                • Kubernetes labels and taints of a node are retained after the node is reset.
                                                                                                                                • Both the Kubernetes service account token volume projection and the load scaling controller can be configured.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                v1.23.13-r0
                                                                                                                                
+
                                                                                                                                v1.23.17
                                                                                                                                
+
                                                                                                                                LoadBalancer Services and ingresses allow you to:
                                                                                                                                • Configure SNI.
                                                                                                                                • Enable HTTP/2.
                                                                                                                                • Configure idle timeout, request timeout, and response timeout.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.11-r4
                                                                                                                                
+
                                                                                                                                v1.23.11-r4
                                                                                                                                
 
                                                                                                                                v1.23.17
                                                                                                                                
+
                                                                                                                                v1.23.17
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.10-r0
                                                                                                                                
+
                                                                                                                                v1.23.10-r0
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
+
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.9-r10
                                                                                                                                
+
                                                                                                                                v1.23.9-r10
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
+
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.9-r0
                                                                                                                                
+
                                                                                                                                v1.23.9-r0
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
+
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.8-r10
                                                                                                                                
+
                                                                                                                                v1.23.8-r10
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
+
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
 
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
+
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.8-r0
                                                                                                                                
+
                                                                                                                                v1.23.8-r0
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                • Optimized node time synchronization.
                                                                                                                                
+
                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                • Optimized node time synchronization.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.23.5-r0
                                                                                                                                
+
                                                                                                                                v1.23.5-r0
                                                                                                                                
 
                                                                                                                                v1.23.11
                                                                                                                                
+
                                                                                                                                v1.23.11
                                                                                                                                
 
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                • containerd is supported.
                                                                                                                                
+
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                • containerd is supported.
                                                                                                                                
 
                                                                                                                                • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                                                                • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                
+
                                                                                                                                • Upgraded the etcd version of the master node to the Kubernetes version 3.5.6.
                                                                                                                                • Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                
 
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
+
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
 
                                                                                                                                 		
 
                                                                                                                                v1.23.1-r0
                                                                                                                                
+
                                                                                                                                v1.23.1-r0
                                                                                                                                
 
                                                                                                                                v1.23.4
                                                                                                                                
+
                                                                                                                                v1.23.4
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                Table 6 Release notes for the v1.21 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -568,117 +674,117 @@
 
                                                                                                                                Version 1.19
                                                                                                                                
-
                                                                                                                                Table 7 Release notes for the v1.21 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                v1.21.14-r0
                                                                                                                                
+
                                                                                                                                v1.21.14-r0
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.
                                                                                                                                
+
                                                                                                                                A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.12-r4
                                                                                                                                
+
                                                                                                                                v1.21.12-r4
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.11-r20
                                                                                                                                
+
                                                                                                                                v1.21.11-r20
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
+
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.11-r10
                                                                                                                                
+
                                                                                                                                v1.21.11-r10
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
+
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.11-r0
                                                                                                                                
+
                                                                                                                                v1.21.11-r0
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
+
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.10-r10
                                                                                                                                
+
                                                                                                                                v1.21.10-r10
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
+
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
 
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
+
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.10-r0
                                                                                                                                
+
                                                                                                                                v1.21.10-r0
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                • Optimized node time synchronization.
                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                
+
                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                • Optimized node time synchronization.
                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21.7-r0
                                                                                                                                
+
                                                                                                                                v1.21.7-r0
                                                                                                                                
 
                                                                                                                                v1.21.14
                                                                                                                                
+
                                                                                                                                v1.21.14
                                                                                                                                
 
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                
+
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                
 
                                                                                                                                Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                
+
                                                                                                                                Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                
 
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
+
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
 
                                                                                                                                 		
 
                                                                                                                                v1.21.1-r0
                                                                                                                                
+
                                                                                                                                v1.21.1-r0
                                                                                                                                
 
                                                                                                                                v1.21.7
                                                                                                                                
+
                                                                                                                                v1.21.7
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                
-
+
+
+
+
+
                                                                                                                                Table 7 Release notes for the v1.19 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0406.html b/docs/cce/umn/cce_10_0406.html
index c7dd6cef2..980daf48d 100644
--- a/docs/cce/umn/cce_10_0406.html
+++ b/docs/cce/umn/cce_10_0406.html
@@ -1,32 +1,37 @@
 
                                                                                                                                Cloud Native Cluster Monitoring
                                                                                                                                
-
                                                                                                                                Introduction
                                                                                                                                kube-prometheus-stack uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                                                                                
+
                                                                                                                                Introduction
                                                                                                                                Cloud Native Cluster Monitoring (kube-prometheus-stack) uses Prometheus-operator and Prometheus to provide easy-to-use, end-to-end Kubernetes cluster monitoring.
                                                                                                                                
 
                                                                                                                                Open source community: https://github.com/prometheus/prometheus
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Notes and Constraints
                                                                                                                                • By default, the kube-state-metrics component of the add-on does not collect labels and annotations of Kubernetes resources. To collect these labels and annotations, manually enable the collection function in the startup parameters and check whether the corresponding metrics are added to the collection whitelist of ServiceMonitor named kube-state-metrics. For details, see Collecting All Labels and Annotations of a Pod.
                                                                                                                                • In 3.8.0 and later versions, component metrics in the kube-system and monitoring namespaces are not collected by default. If you have workloads in the two namespaces, use Pod Monitor or Service Monitor to collect these metrics.
                                                                                                                                • In 3.8.0 and later versions, etcd-server, kube-controller, kube-scheduler, autoscaler, fluent-bit, volcano-agent, volcano-scheduler and otel-collector metrics are not collected by default. Enable the collection as required.
                                                                                                                                  To enable this function, on the ConfigMaps and Secrets page, expand the dropdown list of Namespace, and select monitoring. Locate the row that contains the configuration item named persistent-user-config, and click Edit YAML in the operation column. Remove the serviceMonitorDisable or podMonitorDisable configuration in the customSettings field as required or set the configuration to an empty array.
                                                                                                                                  
+
                                                                                                                                  Notes and Constraints
                                                                                                                                  • By default, the kube-state-metrics component of the add-on does not collect labels and annotations of Kubernetes resources. To collect these labels and annotations, manually enable the collection function in the startup parameters and check whether the corresponding metrics are added to the collection trustlist of ServiceMonitor named kube-state-metrics. For details, see Collecting All Labels and Annotations of a Pod.
                                                                                                                                  • In 3.8.0 and later versions, component metrics in the kube-system and monitoring namespaces are not collected by default. If you have workloads in the two namespaces, use Pod Monitor or Service Monitor to collect these metrics.
                                                                                                                                  • In 3.8.0 and later versions, etcd-server, kube-controller, kube-scheduler, autoscaler, fluent-bit, volcano-agent, volcano-scheduler and otel-collector metrics are not collected by default. Enable the collection as required.
                                                                                                                                    To enable this function, on the ConfigMaps and Secrets page, expand the dropdown list of Namespace, and select monitoring. Locate the row that contains the configuration item named persistent-user-config, and click Edit YAML in the operation column. Remove the serviceMonitorDisable or podMonitorDisable configuration in the customSettings field as required or set the configuration to an empty array.
                                                                                                                                    
 
                                                                                                                                    ...
    customSettings:
       podMonitorDisable: []
       serviceMonitorDisable: []
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Permissions
                                                                                                                                  The node-exporter component of the kube-prometheus-stack add-on needs to read the Docker info data from the /var/run/docker.sock directory on the host for monitoring the Docker disk space.
                                                                                                                                  
+
                                                                                                                                  Permissions
                                                                                                                                  The node-exporter component of the Cloud Native Cluster Monitoring add-on needs to read the Docker info data from the /var/run/docker.sock directory on the host for monitoring the Docker disk space.
                                                                                                                                  
 
                                                                                                                                  The following permission is required for running node-exporter:
                                                                                                                                  
 
                                                                                                                                  • cap_dac_override: reads the Docker info data.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Installing the Add-on
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Cloud Native Cluster Monitoring on the right, and click Install.
                                                                                                                                  2. On the Install Add-on page, configure the specifications.
                                                                                                                                    • Deployment Mode: This parameter is available for the Cloud Native Cluster Monitoring version 3.7.1 or later.
                                                                                                                                      • Agent mode: Few resources are required. In this mode, HPA is not supported.
                                                                                                                                      • Server mode: More resources are required. In this mode, all Cloud Native Cluster Monitoring functions are supported.
                                                                                                                                      
-
                                                                                                                                    • Containers: component instance created by the add-on. For details, see Components. You can select or customize a specification as required.
                                                                                                                                    
-
                                                                                                                                  3. Configure related parameters.
                                                                                                                                    • Interconnecting with AOM: Report Prometheus data to AOM. After this function is enabled, you can select the corresponding AOM instance. 
                                                                                                                                    • Connect to Third Party: To report Prometheus data to a third-party monitoring system, enter the address and token of the third-party monitoring system and determine whether to skip certificate authentication.
                                                                                                                                    • User-defined Metrics Service Discovery: Application metrics are automatically collected in the form of service discovery. 
                                                                                                                                    • Prometheus HA: The Prometheus-server, Prometheus-operator, thanos-query, custom-metrics-apiserver and alertmanager components are deployed in multi-instance mode in the cluster.
                                                                                                                                    • Number of collected shards: Collected targets are distributed among different Prometheus shards. This increases the upper limit of the metrics collection throughput but will consume more resources. Therefore, this parameter is recommended for large-scale clusters.
                                                                                                                                    • Collection Interval: Configure the collection interval.
                                                                                                                                    • Storage: Select the type and size of the disk for storing monitoring data. After the add-on is uninstalled, the storage volumes are not deleted if this add-on is deployed in the server mode.
                                                                                                                                       
                                                                                                                                      An available PVC named pvc-prometheus-server exists in namespace monitoring and will be used as the storage source.
                                                                                                                                      
+
                                                                                                                                      Installing the Add-on
                                                                                                                                       
                                                                                                                                      The Cloud Native Cluster Monitoring add-on automatically selects a deployment mode based on Data Storage Configuration. This is supported by Cloud Native Cluster Monitoring 3.7.1 or later.
                                                                                                                                      
+
                                                                                                                                      • Original agent mode: Disable Local data storage and enable at least one of Report Monitoring Data to AOM and Report Monitoring Data to a Third-Party Platform.
                                                                                                                                      
+
                                                                                                                                      • Original server mode: Enable Local data storage and Report Monitoring Data to AOM or Report Monitoring Data to a Third-Party Platform.
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                    • Scheduling Policies: Support node affinity, taint, and tolerations. Multiple scheduling policies can be configured. If no affinity node label key or toleration node taint key is configured, this function is disabled by default.
                                                                                                                                      • Range: You can select the add-on pods for which the scheduling policy takes effect. By default, the scheduling policy takes effect for all pods. If a pod is specified, the scheduling policies configured for all pods are overwritten.
                                                                                                                                      • Affinity Node Label Key: Enter a node label key to set node affinity for the add-on pods.
                                                                                                                                      • Affinity Node Label Value: Enter a node label value to set node affinity for the add-on pods.
                                                                                                                                      • Toleration Node Taint Key: A component can be scheduled to a node that has the taint key you specify.
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Cloud Native Cluster Monitoring on the right, and click Install.
                                                                                                                                      2. On the Install Add-on page, enable at least one item in the Data Storage Configuration area.
                                                                                                                                        • Reporting Monitoring Data to AOM: Report Prometheus data to AOM. After this function is enabled, you can select the corresponding AOM instance. The collected basic metrics are free of charge. Custom metrics are charged by AOM. To interconnect with AOM, you must have certain permissions. Only users in the admin user group can perform this operation.
                                                                                                                                        • Reporting Monitoring Data to a Third-Party Platform: To report Prometheus data to a third-party monitoring system, you need to enter the address and token of the third-party monitoring system and determine whether to skip certificate authentication.
                                                                                                                                        • Local data storage: Select the type and size of a disk for storing monitoring data to store Prometheus data in PVCs in the cluster. Storage volumes are not deleted along with the add-on. If local data storage is enabled, all components will be deployed. For details, see Components.
                                                                                                                                           
                                                                                                                                          An available PVC named pvc-prometheus-server exists in namespace monitoring and will be used as the storage source.
                                                                                                                                          
+
                                                                                                                                          
+
                                                                                                                                        
+
                                                                                                                                      3. Configure the add-on specifications as needed.
                                                                                                                                        • Add-on Specifications:
                                                                                                                                          • If you selected Preset, the system will configure the number of pods and resource quotas for the add-on based on the preset specifications. You can see the configurations on the console.
                                                                                                                                          • If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on instance runs, the add-on will fail.
                                                                                                                                          
+
                                                                                                                                        • Prometheus HA: The Prometheus-server, Prometheus-operator, thanos-query, custom-metrics-apiserver, alertmanager, and kube-state-metrics components are deployed in multi-instance mode in the cluster.
                                                                                                                                        • Number of collected shards (available after Local data storage is disabled): When there is a lot of Prometheus data, you can configure this parameter to spread the data across a specific number of Prometheus instances. This will help with storage and querying. Increasing the number of shards reduces the data volume carried by each shard. This can increase the upper limit of the metric collection throughput and cause more resources to be consumed. You are advised to increase shards when the cluster scale is large to improve the collection performance. In addition, you need to consider the impact of resource usage and optimize it based on specific scenarios.
                                                                                                                                        
+
                                                                                                                                      4. Configure the add-on parameters.
                                                                                                                                        • Custom Metric Collection: Application metrics are automatically collected in the form of service discovery. After this function is enabled, you need to add related configurations to the target application. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                                                        • Collection Interval: Configure the collection interval.
                                                                                                                                        • Data Retention (available only after Local data storage is enabled): Configure how long the monitoring data can be kept.
                                                                                                                                        • node-exporter Listening Port: This port uses the host network to listen to and expose metrics on the node for Prometheus collection. The default port number is 9100, but it can be modified if there is a conflict with an existing port.
                                                                                                                                        • Scheduling Policies: Support node affinity, taint, and tolerations. Multiple scheduling policies can be configured. If no affinity node label key or toleration node taint key is configured, this function is disabled by default.
                                                                                                                                          • Range: You can select the add-on pods for which the scheduling policy takes effect. By default, the scheduling policy takes effect for all pods. If a pod is specified, the scheduling policies configured for all pods are overwritten.
                                                                                                                                          • Affinity Node Label Key: Enter a node label key to set node affinity for the add-on pods.
                                                                                                                                          • Affinity Node Label Value: Enter a node label value to set node affinity for the add-on pods.
                                                                                                                                          • Toleration Node Taint Key: A component can be scheduled to a node that has the taint key you specified.
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                      5. Click Install.
                                                                                                                                        After the add-on is installed, you may need to perform the following operations:
                                                                                                                                        
-
+
                                                                                                                                        • To use custom metrics to create an auto scaling policy, ensure that local data storage is enabled for the add-on and then take the following steps:
                                                                                                                                          1. Collect custom metrics reported by applications to Prometheus. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
                                                                                                                                          2. Aggregate these custom metrics collected by Prometheus to the API server for the HPA policy to use. For details, see Creating an HPA Policy Using Custom Metrics.
                                                                                                                                          
+
                                                                                                                                        • To provide system resource metrics (such as CPU and memory usage) for workload auto scaling using this add-on, ensure that local data storage is enabled for the add-on and then enable the Metrics API. For details, see Providing Resource Metrics Through the Metrics API. After the configuration, you can use Prometheus to collect system resource metrics. (This operation is not recommended because it may conflict with the Kubernetes Metric Server add-on.)
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                  
-
                                                                                                                                  Components
                                                                                                                                  All Kubernetes resources created during kube-prometheus-stack add-on installation are created in the namespace named monitoring.
                                                                                                                                  
+
                                                                                                                                  Components
                                                                                                                                  All Kubernetes resources created during Cloud Native Cluster Monitoring add-on installation are created in the namespace named monitoring.
                                                                                                                                  
 
 
                                                                                                                                Table 8 Release notes for the v1.19 patch
                                                                                                                                CCE Cluster Patch Version
                                                                                                                                
 
                                                                                                                                Kubernetes Version
                                                                                                                                
+
                                                                                                                                Kubernetes Version
                                                                                                                                
 
                                                                                                                                Feature Updates
                                                                                                                                
+
                                                                                                                                Feature Updates
                                                                                                                                
 
                                                                                                                                Optimization
                                                                                                                                
+
                                                                                                                                Optimization
                                                                                                                                
 
                                                                                                                                Vulnerability Fixing
                                                                                                                                
+
                                                                                                                                Vulnerability Fixing
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                1.19.16-r84
                                                                                                                                
+
                                                                                                                                1.19.16-r84
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
+
                                                                                                                                Fixed CVE-2024-21626 issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r60
                                                                                                                                
+
                                                                                                                                v1.19.16-r60
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
+
                                                                                                                                • Volcano supports node pool affinity scheduling. 
                                                                                                                                • Volcano supports workload rescheduling. 
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r50
                                                                                                                                
+
                                                                                                                                v1.19.16-r50
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
+
                                                                                                                                Optimized the events generated during node pool scaling.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r40
                                                                                                                                
+
                                                                                                                                v1.19.16-r40
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
+
                                                                                                                                • Both soft eviction and hard eviction are supported in node pool configurations.
                                                                                                                                • TMS tags can be added to automatically created EVS disks to facilitate cost management.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r30
                                                                                                                                
+
                                                                                                                                v1.19.16-r30
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
+
                                                                                                                                The timeout interval can be configured for a load balancer. 
                                                                                                                                
 
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
+
                                                                                                                                High-frequency parameters of kube-apiserver are configurable.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r20
                                                                                                                                
+
                                                                                                                                v1.19.16-r20
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                                                                
+
                                                                                                                                • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                                                                
 
                                                                                                                                Fixed some security issues.
                                                                                                                                
+
                                                                                                                                Fixed some security issues.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r4
                                                                                                                                
+
                                                                                                                                v1.19.16-r4
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                
+
                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                
 
                                                                                                                                • Scheduling is optimized on taint nodes.
                                                                                                                                • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                                                                • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                
+
                                                                                                                                • Scheduling is optimized on taint nodes.
                                                                                                                                • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                                                                • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                
 
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
+
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
 
                                                                                                                                 		
 
                                                                                                                                v1.19.16-r0
                                                                                                                                
+
                                                                                                                                v1.19.16-r0
                                                                                                                                
 
                                                                                                                                v1.19.16
                                                                                                                                
+
                                                                                                                                v1.19.16
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                                                                
+
                                                                                                                                Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                                                                
 
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
+
                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                
 
                                                                                                                                 		
 
                                                                                                                                v1.19.10-r0
                                                                                                                                
+
                                                                                                                                v1.19.10-r0
                                                                                                                                
 
                                                                                                                                v1.19.10
                                                                                                                                
+
                                                                                                                                v1.19.10
                                                                                                                                
 
                                                                                                                                CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                                                                
+
                                                                                                                                CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
 
                                                                                                                                None
                                                                                                                                
+
                                                                                                                                None
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
                                                                                                                                 
 
 
                                                                                                                                
@@ -43,7 +48,7 @@
 
-
@@ -53,7 +58,7 @@
 
-
@@ -63,7 +68,7 @@
 
-
@@ -72,7 +77,7 @@
 
-
@@ -81,7 +86,7 @@
 
-
@@ -91,7 +96,7 @@
 
-
@@ -103,7 +108,7 @@
 
                                                                                                                                 NOTE: 
                                                                                                                                If the components run in multiple pods, only one pod provides metrics.
                                                                                                                                
 
                                                                                                                                
-
@@ -113,7 +118,7 @@
 
-
@@ -123,7 +128,7 @@
 
-
@@ -132,9 +137,11 @@
 
                                                                                                                                Table 1 Add-on components
                                                                                                                                Component
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deploys and manages the Prometheus Server based on CustomResourceDefinitions (CRDs), and monitors and processes the events related to these CRDs. It is the control center of the entire system.
                                                                                                                                
 
                                                                                                                                Agent/Server
                                                                                                                                
+
                                                                                                                                All
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployment
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                A Prometheus Server cluster deployed by the operator based on the Prometheus CRDs that can be regarded as StatefulSets.
                                                                                                                                
 
                                                                                                                                Agent/Server
                                                                                                                                
+
                                                                                                                                All
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                StatefulSet
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Alarm center of the add-on. It receives alarms sent by Prometheus and manages alarm information by deduplicating, grouping, and distributing.
                                                                                                                                
 
                                                                                                                                Server
                                                                                                                                
+
                                                                                                                                Local data storage enabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                StatefulSet
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Available only in HA mode. Runs with prometheus-server in the same pod to implement persistent storage of Prometheus metric data.
                                                                                                                                
 
                                                                                                                                Server
                                                                                                                                
+
                                                                                                                                Local data storage enabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Container
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Available only in HA mode. Entry for PromQL query when Prometheus is in HA scenarios. It can delete duplicate metrics from Store or Prometheus.
                                                                                                                                
 
                                                                                                                                Server
                                                                                                                                
+
                                                                                                                                Local data storage enabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployment
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Aggregates custom metrics to the native Kubernetes API Server.
                                                                                                                                
 
                                                                                                                                Server
                                                                                                                                
+
                                                                                                                                Local data storage enabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployment
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Agent/Server
                                                                                                                                
+
                                                                                                                                All
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployment
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployed on each node to collect node monitoring data.
                                                                                                                                
 
                                                                                                                                Agent/Server
                                                                                                                                
+
                                                                                                                                All
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                DaemonSet
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Monitors cluster exceptions.
                                                                                                                                
 
                                                                                                                                Server
                                                                                                                                
+
                                                                                                                                Local data storage enabled
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Deployment
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
 
-
                                                                                                                                Providing Resource Metrics Through the Metrics API
                                                                                                                                Resource metrics of containers and nodes, such as CPU and memory usage, can be obtained through the Kubernetes Metrics API. Resource metrics can be directly accessed, for example, by using the kubectl top command, or used by HPA or CustomedHPA policies for auto scaling.
                                                                                                                                
-
                                                                                                                                The add-on can provide the Kubernetes Metrics API that is disabled by default. To enable the API, create the following APIService object:
                                                                                                                                
-
                                                                                                                                apiVersion: apiregistration.k8s.io/v1
+
                                                                                                                                Providing Resource Metrics Through the Metrics API
                                                                                                                                 
                                                                                                                                Resource metrics can only be provided through Metrics API if local data storage is enabled for the Cloud Native Cluster Monitoring add-on.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Resource metrics of containers and nodes, such as CPU and memory usage, can be obtained through the Kubernetes Metrics API. Resource metrics can be directly accessed, for example, by using the kubectl top command, or used by HPA or CustomedHPA policies for auto scaling.
                                                                                                                                
+
                                                                                                                                The add-on can provide the Kubernetes Metrics API that is disabled by default. To enable the Metrics API, create the following APIService object:
                                                                                                                                
+
                                                                                                                                apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
   labels:
@@ -151,19 +158,19 @@ spec:
     port: 443
   version: v1beta1
   versionPriority: 100
                                                                                                                                
-
                                                                                                                                You can save the object as a file, name it metrics-apiservice.yaml, and run the following command:
                                                                                                                                
-
                                                                                                                                kubectl create -f metrics-apiservice.yaml
                                                                                                                                
-
                                                                                                                                Run the kubectl top pod -n monitoring command. If the following information is displayed, the Metrics API can be accessed:
                                                                                                                                
-
                                                                                                                                # kubectl top pod -n monitoring
+
                                                                                                                                You can save the object as a file, name it metrics-apiservice.yaml, and run the following command:
                                                                                                                                
+
                                                                                                                                kubectl create -f metrics-apiservice.yaml
                                                                                                                                
+
                                                                                                                                Run the kubectl top pod -n monitoring command. If information similar to the following is displayed, the Metrics API can be accessed:
                                                                                                                                
+
                                                                                                                                # kubectl top pod -n monitoring
 NAME                                                      CPU(cores)   MEMORY(bytes)
 ......
 custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 ......
                                                                                                                                
-
                                                                                                                                 
                                                                                                                                To uninstall the add-on, run the following kubectl command and delete the APIService object. Otherwise, the metrics-server add-on cannot be installed due to residual APIService resources.
                                                                                                                                
-
                                                                                                                                kubectl delete APIService v1beta1.metrics.k8s.io
                                                                                                                                
+
                                                                                                                                 
                                                                                                                                To uninstall the add-on, run the following kubectl command and delete the APIService object. Otherwise, residual APIService resources may prevent the installation of the Kubernetes Metrics Server add-on.
                                                                                                                                
+
                                                                                                                                kubectl delete APIService v1beta1.metrics.k8s.io
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Creating an HPA Policy Using Custom Metrics
                                                                                                                                HPA policies can only be used when Cloud Native Cluster Monitoring is deployed in the server mode. You can configure custom metrics required by HPA policies in the user-adapter-config ConfigMap.
                                                                                                                                
+
                                                                                                                                Creating an HPA Policy Using Custom Metrics
                                                                                                                                HPA policies can only be used when Cloud Native Cluster Monitoring is deployed with local data storage enabled. You can configure custom metrics required by HPA policies in the user-adapter-config ConfigMap.
                                                                                                                                
 
                                                                                                                                 
                                                                                                                                To use Prometheus to monitor custom metrics, the application needs to provide a metric monitoring API. For details, see Prometheus Monitoring Data Collection.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                In this section, the nginx metric (nginx_connections_accepted) in Monitoring Custom Metrics Using Cloud Native Cluster Monitoring is used as an example.
                                                                                                                                
@@ -188,7 +195,7 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                                                                
 
                                                                                                                              • Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                                                              • In the navigation pane, choose Workloads. Locate the workload for which you want to create an HPA policy and choose More > Auto Scaling. In the Custom Policy area, you can select the preceding parameters to create an auto scaling policy.
                                                                                                                                • 
 
                                                                                                                                
-
                                                                                                                                Collecting All Labels and Annotations of a Pod
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                2. Switch to the monitoring namespace, click the Deployments tab, and click the name of the kube-state-metrics workload. On the page displayed, click the Containers tab and click Edit on the right.
                                                                                                                                3. In the Lifecycle area of the container settings, edit the startup command.
                                                                                                                                  To collect labels, add the following information to the end of the original kube-state-metrics startup parameter:
                                                                                                                                  --metric-labels-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                                                                  
+
                                                                                                                                  Collecting All Labels and Annotations of a Pod
                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                  2. Switch to the monitoring namespace, click the Deployments tab, and click the name of the kube-state-metrics workload. On the page displayed, click the Containers tab and click Edit on the right.
                                                                                                                                  3. In the Lifecycle area of the container settings, edit the startup command.
                                                                                                                                    To collect labels, add the following information to the end of the original kube-state-metrics startup parameter:
                                                                                                                                    --metric-labels-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    To collect annotations, add parameters in the startup parameters in the same way.
                                                                                                                                    --metric-annotations-allowlist=pods=[*],nodes=[node,failure-domain.beta.kubernetes.io/zone,topology.kubernetes.io/zone]
                                                                                                                                    
 
                                                                                                                                    
@@ -209,7 +216,22 @@ custom-metrics-apiserver-d4f556ff9-l2j2m                  38m          44Mi
 
                                                                                                                                		
 
                                                                                                                                
 
                                                                                                                                3.10.1
                                                                                                                                
+
                                                                                                                                3.11.0
                                                                                                                                
+
                                                                                                                                v1.21
                                                                                                                                
+
                                                                                                                                v1.23
                                                                                                                                
+
                                                                                                                                v1.25
                                                                                                                                
+
                                                                                                                                v1.27
                                                                                                                                
+
                                                                                                                                v1.28
                                                                                                                                
+
                                                                                                                                v1.29
                                                                                                                                
+
                                                                                                                                v1.30
                                                                                                                                
+
                                                                                                                                CCE clusters 1.30 are supported.
                                                                                                                                
+
                                                                                                                                2.37.8
                                                                                                                                
+
                                                                                                                                3.10.1
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                v1.21
                                                                                                                                
 
                                                                                                                                v1.23
                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0415.html b/docs/cce/umn/cce_10_0415.html
index cc872b36a..a28e82bc8 100644
--- a/docs/cce/umn/cce_10_0415.html
+++ b/docs/cce/umn/cce_10_0415.html
@@ -2,154 +2,157 @@
 
 
                                                                                                                                Creating a Scheduled CronHPA Policy
                                                                                                                                
 
                                                                                                                                There are predictable and unpredictable traffic peaks for some services. For such services, CCE CronHPA allows you to scale resources in fixed periods. It can work with HPA policies to periodically adjust the HPA scaling scope, implementing workload scaling.
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                CronHPA can periodically adjust the maximum and minimum numbers of pods in the HPA policy or directly adjust the number of pods of a Deployment.
                                                                                                                                
 
                                                                                                                                Prerequisites
                                                                                                                                The add-on CCE Advanced HPA of v1.2.13 or later has been installed.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                Using CronHPA to Adjust the HPA Scaling Scope
                                                                                                                                CronHPA can periodically scale out/in pods in HPA policies to satisfy complex services.
                                                                                                                                
 
                                                                                                                                HPA and CronHPA associate scaling objects using the scaleTargetRef field. If a Deployment is the scaling object for both CronHPA and HPA, the two scaling policies are independent of each other. The operation performed later overwrites the operation performed earlier. As a result, the scaling effect does not meet the expectation.
                                                                                                                                
-
                                                                                                                                
+
                                                                                                                                
 
                                                                                                                                When CronHPA and HPA are used together, CronHPA rules take effect based on the HPA policy. CronHPA uses HPA to perform operations on the Deployment. Understanding the following parameters can better understand the working rules of the CronHPA.
                                                                                                                                
 
                                                                                                                                • targetReplicas: Number of pods set for CronHPA. When CronHPA takes effect, this parameter adjusts the maximum or minimum number of pods in HPA policies to adjust the number of Deployment pods.
                                                                                                                                • minReplicas: Minimum number of Deployment pods.
                                                                                                                                • maxReplicas: Maximum number of Deployment pods.
                                                                                                                                • replicas: Number of pods in a Deployment before the CronHPA policy takes effect.
                                                                                                                                
 
                                                                                                                                When the CronHPA rule takes effect, the maximum or minimum number of pods are adjusted by comparing the number of targetReplicas with the actual number of pods and combining the minimum or maximum number of pods in the HPA policy.
                                                                                                                                
-
                                                                                                                                Figure 1 CronHPA scaling scenarios
                                                                                                                                
+
                                                                                                                                Figure 1 CronHPA scaling scenarios
                                                                                                                                
 
                                                                                                                                Figure 1 shows possible scaling scenarios. The following examples detail how CronHPA modifies the number of pods in HPAs.
                                                                                                                                
 
-
                                                                                                                                Table 1 CronHPA scaling parameters
                                                                                                                                Scenario
                                                                                                                                
+
                                                                                                                                
-
-
-
-
-
+
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -187,9 +190,9 @@
 
-
                                                                                                                                Table 1 CronHPA scaling parameters
                                                                                                                                Scenario
                                                                                                                                
 
                                                                                                                                Scenario Description
                                                                                                                                
+
                                                                                                                                Scenario Description
                                                                                                                                
 
                                                                                                                                CronHPA
                                                                                                                                
-
                                                                                                                                (targetReplicas)
                                                                                                                                
+
                                                                                                                                Scaling Condition
                                                                                                                                
 
                                                                                                                                Deployment
                                                                                                                                
-
                                                                                                                                (replicas)
                                                                                                                                
+
                                                                                                                                Result
                                                                                                                                
 
                                                                                                                                HPA
                                                                                                                                
-
                                                                                                                                (minReplicas/maxReplicas)
                                                                                                                                
+
                                                                                                                                Operation Description
                                                                                                                                
 
                                                                                                                                Result
                                                                                                                                
+
                                                                                                                                Target CronHPA Pods
                                                                                                                                
+
                                                                                                                                (targetReplicas)
                                                                                                                                
 
                                                                                                                                Operation Description
                                                                                                                                
+
                                                                                                                                Deployment Pods
                                                                                                                                
+
                                                                                                                                (replicas)
                                                                                                                                
+
                                                                                                                                Upper and Lower Limits of HPA Pods
                                                                                                                                
+
                                                                                                                                (minReplicas/maxReplicas)
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                1
                                                                                                                                
+
                                                                                                                                1
                                                                                                                                
 
                                                                                                                                targetReplicas < minReplicas ≤ replicas ≤ maxReplicas
                                                                                                                                
+
                                                                                                                                targetReplicas < minReplicas ≤ replicas ≤ maxReplicas
                                                                                                                                
 
                                                                                                                                4
                                                                                                                                
+
                                                                                                                                4
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                5/10
                                                                                                                                
+
                                                                                                                                5/10
                                                                                                                                
 
                                                                                                                                HPA: 4/10
                                                                                                                                
-
                                                                                                                                Deployments: 5
                                                                                                                                
+
                                                                                                                                HPA: 4/10
                                                                                                                                
+
                                                                                                                                Deployment: 5
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is smaller than that of minReplicas:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is smaller than that of minReplicas:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • The value of replicas requires no change.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                2
                                                                                                                                
+
                                                                                                                                2
                                                                                                                                
 
                                                                                                                                targetReplicas = minReplicas ≤ replicas ≤ maxReplicas
                                                                                                                                
+
                                                                                                                                targetReplicas = minReplicas ≤ replicas ≤ maxReplicas
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                6
                                                                                                                                
+
                                                                                                                                6
                                                                                                                                
 
                                                                                                                                5/10
                                                                                                                                
+
                                                                                                                                5/10
                                                                                                                                
 
                                                                                                                                HPA: 5/10
                                                                                                                                
-
                                                                                                                                Deployments: 6
                                                                                                                                
+
                                                                                                                                HPA: 5/10
                                                                                                                                
+
                                                                                                                                Deployment: 6
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is equal to that of minReplicas:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is equal to that of minReplicas:
                                                                                                                                
 
                                                                                                                                • The value of minReplicas requires no change.
                                                                                                                                • The value of replicas requires no change.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                3
                                                                                                                                
+
                                                                                                                                3
                                                                                                                                
 
                                                                                                                                minReplicas < targetReplicas < replicas ≤ maxReplicas
                                                                                                                                
+
                                                                                                                                minReplicas < targetReplicas < replicas ≤ maxReplicas
                                                                                                                                
 
                                                                                                                                4
                                                                                                                                
+
                                                                                                                                4
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                1/10
                                                                                                                                
+
                                                                                                                                1/10
                                                                                                                                
 
                                                                                                                                HPA: 4/10
                                                                                                                                
-
                                                                                                                                Deployments: 5
                                                                                                                                
+
                                                                                                                                HPA: 4/10
                                                                                                                                
+
                                                                                                                                Deployment: 5
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is greater than that of minReplicas and smaller than that of replicates:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is greater than that of minReplicas and smaller than that of replicates:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • The value of replicas requires no change.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                4
                                                                                                                                
+
                                                                                                                                4
                                                                                                                                
 
                                                                                                                                minReplicas < targetReplicas = replicas < maxReplicas
                                                                                                                                
+
                                                                                                                                minReplicas < targetReplicas = replicas < maxReplicas
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                1/10
                                                                                                                                
+
                                                                                                                                1/10
                                                                                                                                
 
                                                                                                                                HPA: 5/10
                                                                                                                                
-
                                                                                                                                Deployments: 5
                                                                                                                                
+
                                                                                                                                HPA: 5/10
                                                                                                                                
+
                                                                                                                                Deployment: 5
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is greater than that of minReplicas and equal to that of replicates:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is greater than that of minReplicas and equal to that of replicates:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • The value of replicas requires no change.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                minReplicas ≤ replicas < targetReplicas < maxReplicas
                                                                                                                                
+
                                                                                                                                minReplicas ≤ replicas < targetReplicas < maxReplicas
                                                                                                                                
 
                                                                                                                                6
                                                                                                                                
+
                                                                                                                                6
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                1/10
                                                                                                                                
+
                                                                                                                                1/10
                                                                                                                                
 
                                                                                                                                HPA: 6/10
                                                                                                                                
-
                                                                                                                                Deployments: 6
                                                                                                                                
+
                                                                                                                                HPA: 6/10
                                                                                                                                
+
                                                                                                                                Deployment: 6
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is greater than that of replicates and less than that of maxReplicas:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is greater than that of replicates and less than that of maxReplicas:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • Change the value of replicas.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                6
                                                                                                                                
+
                                                                                                                                6
                                                                                                                                
 
                                                                                                                                minReplicas ≤ replicas < targetReplicas = maxReplicas
                                                                                                                                
+
                                                                                                                                minReplicas ≤ replicas < targetReplicas = maxReplicas
                                                                                                                                
 
                                                                                                                                10
                                                                                                                                
+
                                                                                                                                10
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                1/10
                                                                                                                                
+
                                                                                                                                1/10
                                                                                                                                
 
                                                                                                                                HPA: 10/10
                                                                                                                                
-
                                                                                                                                Deployments: 10
                                                                                                                                
+
                                                                                                                                HPA: 10/10
                                                                                                                                
+
                                                                                                                                Deployment: 10
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is greater than that of replicates and equal to that of maxReplicas:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is greater than that of replicates and equal to that of maxReplicas:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • Change the value of replicas.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                7
                                                                                                                                
+
                                                                                                                                7
                                                                                                                                
 
                                                                                                                                minReplicas ≤ replicas ≤ maxReplicas < targetReplicas
                                                                                                                                
+
                                                                                                                                minReplicas ≤ replicas ≤ maxReplicas < targetReplicas
                                                                                                                                
 
                                                                                                                                11
                                                                                                                                
+
                                                                                                                                11
                                                                                                                                
 
                                                                                                                                5
                                                                                                                                
+
                                                                                                                                5
                                                                                                                                
 
                                                                                                                                5/10
                                                                                                                                
+
                                                                                                                                5/10
                                                                                                                                
 
                                                                                                                                HPA: 11/11
                                                                                                                                
-
                                                                                                                                Deployments: 11
                                                                                                                                
+
                                                                                                                                HPA: 11/11
                                                                                                                                
+
                                                                                                                                Deployment: 11
                                                                                                                                
 
                                                                                                                                When the value of targetReplicas is greater than that of maxReplicas:
                                                                                                                                
+
                                                                                                                                When the value of targetReplicas is greater than that of maxReplicas:
                                                                                                                                
 
                                                                                                                                • Change the value of minReplicas.
                                                                                                                                • Change the value of maxReplicas.
                                                                                                                                • Change the value of replicas.
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                
 
                                                                                                                                System Policy
                                                                                                                                
 
                                                                                                                                • Metric: You can select CPU usage or Memory usage.
                                                                                                                                   NOTE: 
                                                                                                                                  Usage = CPUs or memory used by pods/Requested CPUs or memory.
                                                                                                                                  
+
                                                                                                                                • Metric: You can select CPU usage or Memory usage.
                                                                                                                                   NOTE: 
                                                                                                                                  Usage = Average resource usage of all pods in a workload/Requested resources
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                • Desired Value: Enter the desired average resource usage.
                                                                                                                                  This parameter indicates the desired value of the selected metric. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                                                                                  
+
                                                                                                                                • Desired Value: Enter the desired average resource usage.
                                                                                                                                  This parameter indicates the desired value of the selected metric. Number of target pods (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                                                                                  
 
                                                                                                                                   NOTE: 
                                                                                                                                  When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                • Tolerance Range: Scaling is not triggered when the metric value is within the tolerance range. The desired value must be within the tolerance range.
                                                                                                                                  If the metric value is greater than the scale-in threshold and less than the scale-out threshold, no scaling is triggered. This parameter is supported only in clusters of v1.15 or later.
                                                                                                                                  
@@ -209,7 +212,7 @@
 
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                              • Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                                
+
                                                                                                                              • Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                                
 
                                                                                                                                Table 3 CronHPA policy parameters
                                                                                                                                Parameter
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Description
                                                                                                                                
@@ -321,7 +324,7 @@ spec:
 
                                                                                                                                Using CronHPA to Directly Adjust the Number of Deployment Pods
                                                                                                                                CronHPA adjusts associated Deployments separately to periodically adjust the number of Deployment pods. The method is as follows:
                                                                                                                                
 
                                                                                                                                Using the CCE console
                                                                                                                                
 
                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                2. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                                                                3. Set Policy Type to HPA+CronHPA, disable HPA, and enable CronHPA.
                                                                                                                                  CronHPA periodically adjusts the number of workload pods.
                                                                                                                                  
-
                                                                                                                                4. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                                  
+
                                                                                                                                5. Click  in the CronHPA policy rule. In the dialog box displayed, configure scaling policy parameters.
                                                                                                                                  
 
                                                                                                                                  Table 5 CronHPA policy parameters
                                                                                                                                  Parameter
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Description
                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0425.html b/docs/cce/umn/cce_10_0425.html
index 668547b4c..cc4a44190 100644
--- a/docs/cce/umn/cce_10_0425.html
+++ b/docs/cce/umn/cce_10_0425.html
@@ -1,61 +1,57 @@
 
 
 
                                                                                                                                  NUMA Affinity Scheduling
                                                                                                                                  
-
                                                                                                                                  Background
                                                                                                                                  When a node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and work fine without any intervention. However, in workloads where CPU cache affinity and scheduling latency significantly affect workload performance, additional latency will occur when CPU cores are from different NUMA nodes. To resolve this issue, kubelet allows you to use Topology Manager to replace the CPU management policies to determine node allocation.
                                                                                                                                  
-
                                                                                                                                  Both the CPU Manager and Topology Manager are kubelet components, but they have the following limitations:
                                                                                                                                  
-
                                                                                                                                  • The scheduler is not topology-aware. Therefore, the workload may be scheduled on a node and then fail on the node due to the Topology Manager. This is unacceptable for TensorFlow jobs. If any worker or ps failed on node, the job will fail.
                                                                                                                                  • The managers are node-level that results in an inability to match the best node for NUMA topology in the whole cluster.
                                                                                                                                  
-
                                                                                                                                  Volcano targets to lift the limitation to make scheduler NUMA topology aware so that:
                                                                                                                                  
-
                                                                                                                                  • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                                  • Pods are scheduled to the most suitable node for NUMA topology.
                                                                                                                                  
+
                                                                                                                                  In non-uniform memory access (NUMA) architecture, a NUMA node is a fundamental component that includes a processor and local memory. These nodes are physically separate but interconnected through a high-speed bus to form a complete system. To boost system performance, NUMA nodes allow for quicker access to local memory. However, accessing memory across multiple NUMA nodes within a node can cause delays. To enhance memory access efficiency and overall performance, it is crucial to optimize task scheduling and memory allocation.
                                                                                                                                  
+
                                                                                                                                  When working with high-performance computing (HPC), real-time applications, or memory-intensive workloads that require frequent communication between CPUs, accessing nodes across NUMA in a cloud native environment can lead to decreased system performance due to increased latency and overhead. Volcano's NUMA affinity scheduling resolves the issue by scheduling pods to the worker node that requires the least number of cross-NUMA nodes. This reduces data transmission overheads, optimizes resource utilization, and enhances overall system performance.
                                                                                                                                  
 
                                                                                                                                  For more information, see https://github.com/volcano-sh/volcano/blob/master/docs/design/numa-aware.md.
                                                                                                                                  
+
                                                                                                                                  Prerequisites
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Application Scope
                                                                                                                                  • CPU resource topology scheduling
                                                                                                                                  • Pod-level topology policies
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  Pod Scheduling Prediction
                                                                                                                                  After a topology policy is configured for pods, Volcano predicts matched nodes based on the topology policy. The scheduling process is as follows:
                                                                                                                                  
+
                                                                                                                                  Pod Scheduling Process
                                                                                                                                  After a topology policy is configured for pods, Volcano predicts the nodes that match the policy. For details about how to configure a pod topology policy, see Example of NUMA Affinity Scheduling. The scheduling process is as follows:
                                                                                                                                  
 
                                                                                                                                  1. Volcano filters nodes with the same policy based on the topology policy configured for pods. The topology policy provided by Volcano is the same as that provided by the topology manager.
                                                                                                                                  2. Among the nodes where the same policy applies, Volcano selects the nodes whose CPU topology meets the policy requirements for scheduling.
                                                                                                                                  
 
-
                                                                                                                                  Volcano Topology Policy
                                                                                                                                  
+
                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -63,58 +59,83 @@
 
                                                                                                                                  For example, two NUMA nodes provide resources, each with a total of 32 CPU cores. The following table lists resource allocation.
                                                                                                                                  
 
-
                                                                                                                                  Pod Topology Policy
                                                                                                                                  
 
                                                                                                                                  Node Scheduling
                                                                                                                                  
+
                                                                                                                                  How to Filter Nodes During Pod Scheduling
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  1. Filter nodes with the same policy.
                                                                                                                                  
+
                                                                                                                                  1. Filter nodes that meet the topology policy set for the pod.
                                                                                                                                  
 
                                                                                                                                  2. Check whether node's CPU topology meets the policy requirements.
                                                                                                                                  
+
                                                                                                                                  2. Further filter the node whose CPU topology meets the policy.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  none
                                                                                                                                  
+
                                                                                                                                  none
                                                                                                                                  
 
                                                                                                                                  No filtering:
                                                                                                                                  
+
                                                                                                                                  Nodes with the following topology policies will not be filtered during scheduling:
                                                                                                                                  
 
                                                                                                                                  • none: schedulable
                                                                                                                                  • best-effort: schedulable
                                                                                                                                  • restricted: schedulable
                                                                                                                                  • single-numa-node: schedulable
                                                                                                                                  
 
                                                                                                                                  None
                                                                                                                                  
+
                                                                                                                                  None
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  best-effort
                                                                                                                                  
+
                                                                                                                                  best-effort
                                                                                                                                  
 
                                                                                                                                  Filter the nodes with the best-effort topology policy.
                                                                                                                                  
+
                                                                                                                                  Nodes with the best-effort topology policy will be filtered.
                                                                                                                                  
 
                                                                                                                                  • none: unschedulable
                                                                                                                                  • best-effort: schedulable
                                                                                                                                  • restricted: unschedulable
                                                                                                                                  • single-numa-node: unschedulable
                                                                                                                                  
 
                                                                                                                                  Best-effort scheduling:
                                                                                                                                  
+
                                                                                                                                  Best-effort scheduling:
                                                                                                                                  
 
                                                                                                                                  Pods are preferentially scheduled to a single NUMA node. If a single NUMA node cannot meet the requested CPU cores, the pods can be scheduled to multiple NUMA nodes.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  restricted
                                                                                                                                  
+
                                                                                                                                  restricted
                                                                                                                                  
 
                                                                                                                                  Filter the nodes with the restricted topology policy.
                                                                                                                                  
+
                                                                                                                                  Nodes with the restricted topology policy will be filtered.
                                                                                                                                  
 
                                                                                                                                  • none: unschedulable
                                                                                                                                  • best-effort: unschedulable
                                                                                                                                  • restricted: schedulable
                                                                                                                                  • single-numa-node: unschedulable
                                                                                                                                  
 
                                                                                                                                  Restricted scheduling:
                                                                                                                                  
+
                                                                                                                                  Restricted scheduling:
                                                                                                                                  
 
                                                                                                                                  • If the upper CPU limit of a single NUMA node is greater than or equal to the requested CPU cores, pods can only be scheduled to a single NUMA node. If the remaining CPU cores of a single NUMA node are insufficient, the pods cannot be scheduled.
                                                                                                                                  • If the upper CPU limit of a single NUMA node is less than the requested CPU cores, pods can be scheduled to multiple NUMA nodes.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  single-numa-node
                                                                                                                                  
+
                                                                                                                                  single-numa-node
                                                                                                                                  
 
                                                                                                                                  Filter the nodes with the single-numa-node topology policy.
                                                                                                                                  
+
                                                                                                                                  Nodes with the single-numa-node topology policy will be filtered.
                                                                                                                                  
 
                                                                                                                                  • none: unschedulable
                                                                                                                                  • best-effort: unschedulable
                                                                                                                                  • restricted: unschedulable
                                                                                                                                  • single-numa-node: schedulable
                                                                                                                                  
 
                                                                                                                                  Pods can only be scheduled to a single NUMA node.
                                                                                                                                  
+
                                                                                                                                  Pods can only be scheduled to a single NUMA node.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  Worker Node
                                                                                                                                  
+
                                                                                                                                  
-
-
-
+
+
+
+
+
-
-
-
-
+
+
-
-
-
-
+
+
-
-
-
-
+
+
-
-
-
-
+
+
                                                                                                                                  Worker Node
                                                                                                                                  
 
                                                                                                                                  Node Topology Policy
                                                                                                                                  
+
                                                                                                                                  Node Topology Policy
                                                                                                                                  
 
                                                                                                                                  Total CPU Cores on NUMA Node 1
                                                                                                                                  
+
                                                                                                                                  Total CPU Cores on NUMA Node 1
                                                                                                                                  
 
                                                                                                                                  Total CPU Cores on NUMA Node 2
                                                                                                                                  
+
                                                                                                                                  Total CPU Cores on NUMA Node 2
                                                                                                                                  
+
                                                                                                                                  Total CPU Cores
                                                                                                                                  
+
                                                                                                                                  Available CPU Cores
                                                                                                                                  
+
                                                                                                                                  Total CPU Cores
                                                                                                                                  
+
                                                                                                                                  Available CPU Cores
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  Node 1
                                                                                                                                  
+
                                                                                                                                  Node 1
                                                                                                                                  
 
                                                                                                                                  best-effort
                                                                                                                                  
+
                                                                                                                                  best-effort
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Node 2
                                                                                                                                  
+
                                                                                                                                  Node 2
                                                                                                                                  
 
                                                                                                                                  restricted
                                                                                                                                  
+
                                                                                                                                  restricted
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Node 3
                                                                                                                                  
+
                                                                                                                                  Node 3
                                                                                                                                  
 
                                                                                                                                  restricted
                                                                                                                                  
+
                                                                                                                                  restricted
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  10
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Node 4
                                                                                                                                  
+
                                                                                                                                  Node 4
                                                                                                                                  
 
                                                                                                                                  single-numa-node
                                                                                                                                  
+
                                                                                                                                  single-numa-node
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
 
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  7
                                                                                                                                  
+
                                                                                                                                  16
                                                                                                                                  
+
                                                                                                                                  10
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Figure 1 shows the scheduling of a pod after a topology policy is configured.
                                                                                                                                  
-
                                                                                                                                  • When 9 CPU cores are requested by a pod and the best-effort topology policy is used, Volcano selects node 1 whose topology policy is also best-effort, and this policy allows the pod to be scheduled to multiple NUMA nodes. Therefore, the requested 9 CPU cores will be allocated to two NUMA nodes, and the pod can be scheduled to node 1.
                                                                                                                                  • When 9 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, and each node provides a total of 9 CPU cores. However, the remaining CPU cores on node 2 or 3 are less than the requested. Therefore, the pod cannot be scheduled.
                                                                                                                                  • When 17 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, this policy allows the pod to be scheduled to multiple NUMA nodes, and the upper CPU limit of both the nodes is less than 17. Then, the pod can be scheduled to node 3.
                                                                                                                                  • When 17 CPU cores are requested by a pod and the single-numa-node topology policy is used, Volcano selects nodes whose topology policy is also single-numa-node. However, no node can provide a total of 17 CPU cores. Therefore, the pod cannot be scheduled.
                                                                                                                                  
-
                                                                                                                                  Figure 1 Comparison of NUMA scheduling policies
                                                                                                                                  
+
                                                                                                                                  • When 9 CPU cores are requested by a pod and the best-effort topology policy is used, Volcano selects node 1 whose topology policy is also best-effort, and this policy allows the pod to be scheduled to multiple NUMA nodes. Therefore, the requested 9 CPU cores will be allocated to two NUMA nodes, and the pod can be scheduled to node 1.
                                                                                                                                  • When 11 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, and each node provides at least 11 CPU cores. However, the remaining CPU cores on node 2 or 3 are less than the requested. Therefore, the pod cannot be scheduled.
                                                                                                                                  • When 17 CPU cores are requested by a pod and the restricted topology policy is used, Volcano selects nodes 2 and 3 whose topology policy is also restricted, this policy allows the pod to be scheduled to multiple NUMA nodes, and the upper CPU limit of both the nodes is less than 17. Then, the pod can be scheduled to node 3.
                                                                                                                                  • When 17 CPU cores are requested by a pod and the single-numa-node topology policy is used, Volcano selects nodes whose topology policy is also single-numa-node. However, no node can provide a total of 17 CPU cores. Therefore, the pod cannot be scheduled.
                                                                                                                                  
+
                                                                                                                                  Figure 1 Comparison of NUMA scheduling policies
                                                                                                                                  
 
 
                                                                                                                                  Scheduling Priority
                                                                                                                                  A topology policy aims to schedule pods to the optimal node. In this example, each node is scored to sort out the optimal node.
                                                                                                                                  
 
                                                                                                                                  Principle: Schedule pods to the worker nodes that require the fewest NUMA nodes.
                                                                                                                                  
@@ -125,84 +146,18 @@
 
                                                                                                                                  For example, three nodes meet the CPU topology policy for a pod and the weight of NUMA Aware Plugin is set to 10.
                                                                                                                                  
 
                                                                                                                                  • Node A: One NUMA node provides the CPU resources required by the pod (numaNodeNum = 1).
                                                                                                                                  • Node B: Two NUMA nodes provide the CPU resources required by the pod (numaNodeNum = 2).
                                                                                                                                  • Node C: Four NUMA nodes provide the CPU resources required by the pod (numaNodeNum = 4).
                                                                                                                                  
 
                                                                                                                                  According to the preceding formula, maxNumaNodeNum is 4.
                                                                                                                                  
-
                                                                                                                                  • score(Node A) = 10 x (100 - 100 x 1/4) = 750
                                                                                                                                  • score(Node B) = 10 x (100 - 100 x 2/4) = 500
                                                                                                                                  • score(Node C) = 10 x (100 - 100 x 4/4) = 0
                                                                                                                                  
+
                                                                                                                                  • score (Node A) = 10 x (100 - 100 x 1/4) = 750
                                                                                                                                  • score (Node B) = 10 x (100 - 100 x 2/4) = 500
                                                                                                                                  • score (Node C) = 10 x (100 - 100 x 4/4) = 0
                                                                                                                                  
 
                                                                                                                                  Therefore, the optimal node is Node A.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Enabling NUMA Affinity Scheduling for Volcano
                                                                                                                                  1. Enable static CPU management. For details, see Enabling the CPU Management Policy.
                                                                                                                                  2. Configure a CPU topology policy.
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. On the right of the page, click the Node Pools tab and choose More > Manage in the Operation column of the target node pool.
                                                                                                                                    2. Change the kubelet Topology Management Policy (topology-manager-policy) value to the required CPU topology policy.
                                                                                                                                      Valid topology policies include none, best-effort, restricted, and single-numa-node. For details, see Pod Scheduling Prediction.
                                                                                                                                      
+
                                                                                                                                      Enabling NUMA Affinity Scheduling for Volcano
                                                                                                                                      1. Enable static CPU management in the node pool. For details, see Enabling CPU Management for a Custom Node Pool.
                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                        2. Choose Nodes in the navigation pane and click the Node Pools tab on the right. Locate the target node pool and choose More > Manage.
                                                                                                                                        3. On the Manage Configurations page, change the cpu-manager-policy value to static in the kubelet area.
                                                                                                                                          
+
                                                                                                                                        4. Click OK.
                                                                                                                                        
+
                                                                                                                                      2. Configure a CPU topology policy in the node pool.
                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. On the right of the page, click the Node Pools tab and choose More > Manage in the Operation column of the target node pool.
                                                                                                                                        2. Change the kubelet Topology Management Policy (topology-manager-policy) value to the required CPU topology policy.
                                                                                                                                          Valid topology policies include none, best-effort, restricted, and single-numa-node. For details, see Pod Scheduling Process.
                                                                                                                                          
+
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                      3. Enable the numa-aware add-on and the resource_exporter function.
                                                                                                                                        Volcano 1.7.1 or later
                                                                                                                                        
-
                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons. On the right of the page, locate the Volcano add-on and click Edit. In the Parameters area, configure Volcano scheduler parameters.
                                                                                                                                          ...
-    "default_scheduler_conf": {
-        "actions": "allocate, backfill, preempt",
-        "tiers": [
-            {
-                "plugins": [
-                    {
-                        "name": "priority"
-                    },
-                    {
-                        "name": "gang"
-                    },
-                    {
-                        "name": "conformance"
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "drf"
-                    },
-                    {
-                        "name": "predicates"
-                    },
-                    {
-                        "name": "nodeorder"
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "cce-gpu-topology-predicate"
-                    },
-                    {
-                        "name": "cce-gpu-topology-priority"
-                    },
-                    {
-                        "name": "cce-gpu"
-                    },
-                    {
-                        // add this also enable resource_exporter
-                        "name": "numa-aware", 
-                        // the weight of the NUMA Aware Plugin
-                        "arguments": { 
-                           "weight": "10"
-                        }
-                    }
-                ]
-            },
-            {
-                "plugins": [
-                    {
-                        "name": "nodelocalvolume"
-                    },
-                    {
-                        "name": "nodeemptydirvolume"
-                    },
-                    {
-                        "name": "nodeCSIscheduling"
-                    },
-                    {
-                        "name": "networkresource"
-                    }
-                ]
-            }
-        ]
-    },
-...
                                                                                                                                          
-
                                                                                                                                        
-
                                                                                                                                        Volcano earlier than 1.7.1
                                                                                                                                        1. The resource_exporter_enable parameter is enabled for the Volcano add-on to collect node NUMA information.
                                                                                                                                          {
+
                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, and click Edit.
                                                                                                                                          2. In the Extended Functions area, enable NUMA Topology Scheduling and click OK.
                                                                                                                                          
+
                                                                                                                                          Volcano earlier than 1.7.1
                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab. In the Select Cluster Scheduler area, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                            
+
                                                                                                                                          2. Enable resource_exporter_enable to collect node NUMA information. The following is an example in JSON format:
                                                                                                                                            {
    "plugins": {
       "eas_service": {
          "availability_zone_id": "",
@@ -262,7 +217,9 @@ data:
 
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Using Volcano to Configure NUMA Affinity Scheduling
                                                                                                                                        1. Refer to the following examples for configuration.
                                                                                                                                          1. Example 1: Configure NUMA affinity for a Deployment.
                                                                                                                                            kind: Deployment
+
                                                                                                                                            Example of NUMA Affinity Scheduling
                                                                                                                                            The following describes how to choose NUMA nodes for scheduling pods according to pod scheduling policies. For details, see Pod Scheduling Process.
                                                                                                                                            
+
                                                                                                                                            • single-numa-node: When pods are scheduled, nodes in the node pool with the single-numa-node topology management policy will be chosen, and a single NUMA node must provide the CPU cores. If none of the nodes in the pool meet these requirements, the pod cannot be scheduled.
                                                                                                                                            • restricted: When pods are scheduled, nodes in the node pool with the restricted topology management policy will be chosen, and a set of NUMA nodes on the same node must provide the CPU cores. If none of the nodes in the pool meet these requirements, the pod cannot be scheduled.
                                                                                                                                            • best-effort: When pods are scheduled, nodes in the node pool with the best-effort topology management policy will be chosen, and a single NUMA node needs to provide the CPU cores. If none of the nodes in the pool meet these requirements, the pod will be scheduled to the most suitable node.
                                                                                                                                            
+
                                                                                                                                            1. Refer to the following examples for configuration.
                                                                                                                                              1. Example 1: Configure NUMA affinity for a Deployment.
                                                                                                                                                kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: numa-tset
@@ -316,41 +273,41 @@ spec:
 
                                                                                                                                              
 
                                                                                                                                            2. Analyze NUMA scheduling.
                                                                                                                                              The following table shows example NUMA nodes.
                                                                                                                                              
 
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0550.html b/docs/cce/umn/cce_10_0550.html
index 634e672c8..76576c01b 100644
--- a/docs/cce/umn/cce_10_0550.html
+++ b/docs/cce/umn/cce_10_0550.html
@@ -137,6 +137,20 @@
 
                                                                                                                                            3. Number of Node Images
                                                                                                                                              
 
                                                                                                                                              4. 
+
                                                                                                                                            4. Compatibility Check of Secret Encryption
                                                                                                                                              
+
                                                                                                                                              5. 
+
                                                                                                                                            5. Compatibility Between the Ubuntu Kernel and GPU Driver
                                                                                                                                              
+
                                                                                                                                              6. 
+
                                                                                                                                            6. Drainage Tasks
                                                                                                                                              
+
                                                                                                                                              7. 
+
                                                                                                                                            7. Image Layers on a Node
                                                                                                                                              
+
                                                                                                                                              8. 
+
                                                                                                                                            8. Cluster Rolling Upgrade
                                                                                                                                              
+
                                                                                                                                              9. 
+
                                                                                                                                            9. Rotation Certificates
                                                                                                                                              
+
                                                                                                                                              10. 
+
                                                                                                                                            10. Ingress and ELB Configuration Consistency
                                                                                                                                              
+
                                                                                                                                              11. 
diff --git a/docs/cce/umn/cce_10_0551.html b/docs/cce/umn/cce_10_0551.html
index c38ac0d4a..77da4fa30 100644
--- a/docs/cce/umn/cce_10_0551.html
+++ b/docs/cce/umn/cce_10_0551.html
@@ -1,8 +1,7 @@
 
 
 
                                                                                                                                              CPU Scheduling
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                                
 
                                                                                                                                              • CPU Policy
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0552.html b/docs/cce/umn/cce_10_0552.html
index 5d510487f..257aa91b4 100644
--- a/docs/cce/umn/cce_10_0552.html
+++ b/docs/cce/umn/cce_10_0552.html
@@ -17,13 +17,13 @@ spec:
         memory: "200Mi"
         cpu: "1"
 
                                                                                                                                                This feature is built on the optimized CPU scheduling in the HCE OS 2.0 kernel. When the CPU usage preferentially used by a container exceeds 85%, the container is automatically allocated to other CPUs with low usage to ensure the response capability of applications.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                 
                                                                                                                                                • When enhanced CPU policy is enabled, the application performance is better than that of the none) policy but worse than that of the static policy.
                                                                                                                                                • CPU would not be exclusively used by burstable pods, it is still in the shared CPU pool. When the burstable pods are in the low tide, other pods can share this CPU.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                 
                                                                                                                                                • When enhanced CPU policy is enabled, the application performance is better than that of the none policy but worse than that of the static policy.
                                                                                                                                                • CPU would not be exclusively used by burstable pods, it is still in the shared CPU pool. When the burstable pods are in the low tide, other pods can share this CPU.
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                Notes and Constraints
                                                                                                                                                To use this feature, the following conditions must be met:
                                                                                                                                                
 
                                                                                                                                                • The cluster version must be v1.23 or later.
                                                                                                                                                • The node OS is HCE OS 2.0.
                                                                                                                                                • The CPU management policy cannot take effect on physical cloud server nodes.
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                                Procedure
                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                3. Select a node pool whose OS is HCE OS 2.0 and click Manage in the Operation column.
                                                                                                                                                4. In the Manage Components window that is displayed, change the cpu-manager-policy value of the kubelet component to enhanced-static.
                                                                                                                                                5. Click OK.
                                                                                                                                                
+
                                                                                                                                                Procedure
                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                3. Select a node pool whose OS is HCE OS 2.0 and click Manage in the Operation column.
                                                                                                                                                4. On the Manage Components page, change the cpu-manager-policy value to enhanced-static in the kubelet area.
                                                                                                                                                5. Click OK.
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                Verification
                                                                                                                                                Take a node with 8 vCPUs and 32 GB memory as an example. Deploy a workload whose CPU request is 1 and limit is 2 in the cluster in advance.
                                                                                                                                                
 
                                                                                                                                                1. Log in to a node in the node pool and view the /var/lib/kubelet/cpu_manager_state output.
                                                                                                                                                  cat /var/lib/kubelet/cpu_manager_state
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0601.html b/docs/cce/umn/cce_10_0601.html
index 1aec408bb..ec2cedbd9 100644
--- a/docs/cce/umn/cce_10_0601.html
+++ b/docs/cce/umn/cce_10_0601.html
@@ -2,17 +2,17 @@
 
 
                                                                                                                                                  Migrating Nodes from Docker to containerd
                                                                                                                                                  
 
                                                                                                                                                  Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE is going to stop the support for Docker. Change the node container engine from Docker to containerd.
                                                                                                                                                  
-
                                                                                                                                                  Prerequisites
                                                                                                                                                  
+
                                                                                                                                                  Prerequisites
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  Precautions
                                                                                                                                                  • Theoretically, migration during container running will interrupt services for a short period of time. Therefore, it is strongly recommended that the services to be migrated have been deployed as multi-instance. In addition, you are advised to test the migration impact in the test environment to minimize potential risks.
                                                                                                                                                  • containerd cannot build images. Do not use the docker build command to build images on containerd nodes. For other differences between Docker and containerd, see Container Engines.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Migrating a Node
                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                  2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                                  3. In the node list, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
                                                                                                                                                  4. Set Container Engine to containerd. You can adjust other parameters as required or retain them as set during creation.
                                                                                                                                                    
+
                                                                                                                                                    Procedure for Migrating Nodes in the Default Node Pool
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                    2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                                    3. In the node list, select one or more nodes to be reset and choose More > Reset Node in the Operation column.
                                                                                                                                                    4. Set Container Engine to containerd. You can adjust other parameters as required or retain them as set during creation.
                                                                                                                                                      
 
                                                                                                                                                    5. If the node status is Installing, the node is being reset.
                                                                                                                                                      When the node status is Running, you can see that the node version is switched to containerd. You can log in to the node and run containerd commands such as crictl to view information about the containers running on the node.
                                                                                                                                                      
 
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Migrating a Node Pool
                                                                                                                                                    You can copy a node pool, set the container engine of the new node pool to containerd, and keep other configurations the same as those of the original Docker node pool.
                                                                                                                                                    
+
                                                                                                                                                    Procedure for Migrating Nodes in a Custom Node Pool
                                                                                                                                                    You can copy a node pool, set the container engine of the new node pool to containerd, and keep other configurations the same as those of the original Docker node pool.
                                                                                                                                                    
 
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                    2. In the navigation pane, choose Nodes. On the Node Pools tab page, locate the Docker node pool to be copied and choose More > Copy in the Operation column.
                                                                                                                                                      
-
                                                                                                                                                    3. On the Compute Settings area, set Container Engine to containerd and modify other parameters as required.
                                                                                                                                                      
+
                                                                                                                                                    4. In the Configurations area, set Container Engine to containerd and modify other parameter settings as needed to create the node pool.
                                                                                                                                                      
 
                                                                                                                                                    5. Scale the number of created containerd node pools to the number of original Docker node pools and delete nodes from the Docker node pools one by one.
                                                                                                                                                      Rolling migration is preferred. That is, add some containerd nodes and then delete some Docker nodes until the number of nodes in the new containerd node pool is the same as that in the original Docker node pool.
                                                                                                                                                      
 
                                                                                                                                                       
                                                                                                                                                      If you have set node affinity for the workloads deployed on the original Docker nodes or node pool, set affinity policies for the workloads to run on the new containerd nodes or node pool.
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0602.html b/docs/cce/umn/cce_10_0602.html
index c7796419e..a084ae250 100644
--- a/docs/cce/umn/cce_10_0602.html
+++ b/docs/cce/umn/cce_10_0602.html
@@ -10,6 +10,10 @@
 
                                                                                                                                                      Method 2: Enabling it in an existing cluster
                                                                                                                                                      
 
                                                                                                                                                      1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                                                                      2. On the Overview page, check the master node information. If overload control is not enabled, a message will be displayed. You can click Enable to enable the function.
                                                                                                                                                      
 
                                                                                                                                                    
+
                                                                                                                                                    Overload Monitoring
                                                                                                                                                    1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                                                                    2. On the Overview page, check the master node information. The overload level metric will be displayed.
                                                                                                                                                      The overload levels are as follows:
                                                                                                                                                      • Circuit breaking: Rejects all external traffic.
                                                                                                                                                      • Severe overload: Rejects 75% external traffic.
                                                                                                                                                      • Moderate overload: Rejects 50% external traffic.
                                                                                                                                                      • Slight overload: Rejects 25% external traffic.
                                                                                                                                                      • Normal: Does not reject external traffic.
                                                                                                                                                      
+
                                                                                                                                                      
+
                                                                                                                                                    
+
                                                                                                                                                    
 
                                                                                                                                                    Disabling Cluster Overload Control
                                                                                                                                                    1. Log in to the CCE console and click the name of an existing cluster whose version is v1.23 or later.
                                                                                                                                                    2. In the navigation pane, choose Settings.
                                                                                                                                                    3. On the Cluster Access tab page, disable overload control.
                                                                                                                                                    4. Click OK.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0603.html b/docs/cce/umn/cce_10_0603.html
index ee5ed0d83..d8dce2774 100644
--- a/docs/cce/umn/cce_10_0603.html
+++ b/docs/cce/umn/cce_10_0603.html
@@ -4,12 +4,12 @@
 
                                                                                                                                                    Application Scenarios
                                                                                                                                                    In Cloud Native Network 2.0, each pod is associated with an ENI, providing a static IP address to the StatefulSet pods (container ENI). This is a common practice in access control, service registration, service discovery, and log audit of static IP addresses.
                                                                                                                                                    
 
                                                                                                                                                    For example, if a StatefulSet service needs to control the access of a cloud database, you can fix the pod IP address of the service and configure the security group of the cloud database to allow only the service IP address to access the database.
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Constraints
                                                                                                                                                    • You can configure a static IP address for a pod only in CCE Turbo clusters of the following versions:
                                                                                                                                                      • v1.25: v1.25.3-r0 or later
                                                                                                                                                      • v1.25 or later
                                                                                                                                                      
+
                                                                                                                                                      Notes and Constraints
                                                                                                                                                      • You can configure a static IP address for a pod only in CCE Turbo clusters of the following versions:
                                                                                                                                                        • v1.25: v1.25.3-r0 or later
                                                                                                                                                        • v1.25 or later
                                                                                                                                                        
 
                                                                                                                                                      • Currently, only StatefulSet pods or pods without ownerReferences can be configured with static IP addresses. Deployments, DaemonSets, and other types of workloads cannot be configured with static IP addresses. In addition, pods with HostNetwork configured cannot be configured with static IP addresses.
                                                                                                                                                      • Do not configure static IP addresses for services that do not have specific requirements on pod IP addresses. Otherwise, the pod rebuilding takes a longer time and the IP address usage decreases.
                                                                                                                                                      • The annotations of the static IP address of the pod object cannot be directly modified. Otherwise, the modification does not take effect in the background. To modify the annotations, modify the annotations configuration in the spec.template field of the corresponding StatefulSet workload.
                                                                                                                                                      • If there are no ENIs left on the node where the pod with a static IP address is rebuilt and scheduled (the pre-bound ENIs also occupy the ENI quota), the static IP address ENIs preempt the pre-bound ENIs. In this case, the pod starts slightly slowly. If a node uses a static IP address, properly configure the dynamic pre-binding policy for the node to ensure that not all ENIs are pre-bound.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Using the CCE Console
                                                                                                                                                      When creating a workload on the console, you can set the static IP address for a pod in the Advanced Settings > Network Configuration area.
                                                                                                                                                      
 
                                                                                                                                                      • Whether to enable fixed IP addresses: After the function is enabled, the pod IP address does not change each time the pod is restarted.
                                                                                                                                                      • Recycling Interval: Retention period of related IP addresses after the pod is deleted. During this interval, the original pod IP address cannot be used by other pods.
                                                                                                                                                      
-
                                                                                                                                                      
+
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Using kubectl
                                                                                                                                                      You can add annotations to a StatefulSet to enable or disable the static IP address function of the pod.
                                                                                                                                                      
 
                                                                                                                                                      apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0605.html b/docs/cce/umn/cce_10_0605.html
index 7cfddefc0..6d0d8428b 100644
--- a/docs/cce/umn/cce_10_0605.html
+++ b/docs/cce/umn/cce_10_0605.html
@@ -39,6 +39,8 @@
 
                                                                                                                                              
-
@@ -217,7 +218,7 @@ spec:
 
-
@@ -232,7 +233,7 @@ metadata:
   namespace: default
   annotations:
       everest.io/disk-volume-type: SAS    # EVS disk type
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
@@ -259,7 +260,7 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0615.html b/docs/cce/umn/cce_10_0615.html
index 5e7644dd0..01f899779 100644
--- a/docs/cce/umn/cce_10_0615.html
+++ b/docs/cce/umn/cce_10_0615.html
@@ -33,14 +33,18 @@
 
-
-
@@ -205,7 +210,7 @@ spec:
 
@@ -214,9 +219,9 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_10_0616.html b/docs/cce/umn/cce_10_0616.html
index b0fc85043..f94e3deb0 100644
--- a/docs/cce/umn/cce_10_0616.html
+++ b/docs/cce/umn/cce_10_0616.html
@@ -2,6 +2,8 @@
 
 
                                                                                                                                              Dynamically Mounting an EVS Disk to a StatefulSet
                                                                                                                                              Application Scenarios
                                                                                                                                              Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on dynamic creation of PVs through StorageClass. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                              
+
                                                                                                                                               
                                                                                                                                              When updating a StatefulSet in Kubernetes, it is not allowed to add or delete the volumeClaimTemplates field. This field can only be configured during the creation of the StatefulSet.
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              Prerequisites
                                                                                                                                              
 
                                                                                                                                              
@@ -29,14 +31,15 @@
 
 
                                                                                                                                              
-
-
@@ -233,8 +236,9 @@ spec:
 
-
-
diff --git a/docs/cce/umn/cce_10_0619.html b/docs/cce/umn/cce_10_0619.html
index f2d2956c0..87659773c 100644
--- a/docs/cce/umn/cce_10_0619.html
+++ b/docs/cce/umn/cce_10_0619.html
@@ -26,7 +26,7 @@
 
-
@@ -39,8 +39,6 @@
 
-
                                                                                                                                              Worker Node
                                                                                                                                              
+
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -374,6 +331,11 @@ NUMA node1 CPU(s):   16-31
 {"policyName":"static","defaultCpuSet":"0,10-15,25-31","entries":{"777870b5-c64f-42f5-9296-688b9dc212ba":{"container-1":"16-24"},"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd":{"container-1":"1-9"}},"checksum":318470969}
                                                                                                                                              The preceding example shows that two containers are running on the node. One container uses CPU cores 1 to 9 of NUMA node 0, and the other container uses CPU cores 16 to 24 of NUMA node 1.
                                                                                                                                              
+
                                                                                                                                              Common Issues
                                                                                                                                              Schedule pods failed.
                                                                                                                                              
+
                                                                                                                                              If Volcano is set as the scheduler and only NUMA is enabled without configuring CPU management during pod scheduling, job scheduling may fail. To fix this issue, do as follows:
                                                                                                                                              
+
                                                                                                                                              • Before using NUMA affinity scheduling, make sure that Volcano has been deployed and is running properly.
                                                                                                                                              • When using NUMA affinity scheduling:
                                                                                                                                                1. Set the CPU management policy (cpu-manager-policy) of the node pool to static.
                                                                                                                                                2. Correctly configure the topology management policy (topology-manager-policy) in the node pool.
                                                                                                                                                3. Configure a correct topology policy for pods to filter nodes with the same topology policy in the node pool. For details, see Example of NUMA Affinity Scheduling.
                                                                                                                                                4. Configure the Volcano scheduler to schedule application pods. For details, see Scheduling Workloads. Make sure that the CPU requests for all containers within the pods are integers (measured in cores) and that the requests and limits are identical.
                                                                                                                                                
+
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0426.html b/docs/cce/umn/cce_10_0426.html
index bca6a457c..7de6cd49a 100644
--- a/docs/cce/umn/cce_10_0426.html
+++ b/docs/cce/umn/cce_10_0426.html
@@ -5,7 +5,7 @@
 
                                                                                                                                              
 
                                                                                                                                              Notes and Constraints
                                                                                                                                              • Do not add more than 1000 pods to the same security group. Otherwise, the security group performance may be impacted. 
                                                                                                                                              • Exercise caution when modifying the security group rules of a master node. 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Procedure
                                                                                                                                              1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                              2. Click the cluster name to access the Overview page.
                                                                                                                                              3. In the Network Configuration area, click  next to the Default Node Security Group.
                                                                                                                                              4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
                                                                                                                                                 
                                                                                                                                                • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type.
                                                                                                                                                • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. 
                                                                                                                                                
+
                                                                                                                                                Procedure
                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                2. Click the cluster name to access the Overview page.
                                                                                                                                                3. In the Networking Configuration area, click Edit next to the Default Node Security Group.
                                                                                                                                                4. Select an existing security group, confirm that the security group rules meet the cluster requirements, and click OK.
                                                                                                                                                   
                                                                                                                                                  • Ensure that correct port rules are configured for the selected security group. Otherwise, the node cannot be created. The port rules that a security group must comply with vary with the cluster type.
                                                                                                                                                  • The new security group takes effect only for newly created or managed nodes. For existing nodes, modify the security group rules and reset the nodes in real time. The original security group is still used. 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0430.html b/docs/cce/umn/cce_10_0430.html
index 9cb96da7d..91051ac3d 100644
--- a/docs/cce/umn/cce_10_0430.html
+++ b/docs/cce/umn/cce_10_0430.html
@@ -11,7 +11,7 @@
 
                                                                                                                                                Master Nodes and Cluster Scale
                                                                                                                                                When you create a cluster on CCE, you can have one or three master nodes. Three master nodes will be deployed in a cluster for HA.
                                                                                                                                                
 
                                                                                                                                                The master node specifications decide the number of nodes that can be managed by a cluster. You can select the cluster management scale, for example, 50 or 200 nodes.
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                                Cluster Lifecycle
                                                                                                                                                
+
                                                                                                                                                Cluster Lifecycle
                                                                                                                                                
 
                                                                                                                                              Worker Node
                                                                                                                                              
 
                                                                                                                                              Topology Manager Policy
                                                                                                                                              
+
                                                                                                                                              Topology Manager Policy
                                                                                                                                              
 
                                                                                                                                              Allocatable CPU Cores on NUMA Node 0
                                                                                                                                              
+
                                                                                                                                              Allocatable CPU Cores on NUMA Node 0
                                                                                                                                              
 
                                                                                                                                              Allocatable CPU Cores on NUMA Node 1
                                                                                                                                              
+
                                                                                                                                              Allocatable CPU Cores on NUMA Node 1
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Node 1
                                                                                                                                              
+
                                                                                                                                              Node 1
                                                                                                                                              
 
                                                                                                                                              single-numa-node
                                                                                                                                              
+
                                                                                                                                              single-numa-node
                                                                                                                                              
 
                                                                                                                                              16
                                                                                                                                              
+
                                                                                                                                              16
                                                                                                                                              
 
                                                                                                                                              16
                                                                                                                                              
+
                                                                                                                                              16
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Node 2
                                                                                                                                              
+
                                                                                                                                              Node 2
                                                                                                                                              
 
                                                                                                                                              best-effort
                                                                                                                                              
+
                                                                                                                                              best-effort
                                                                                                                                              
 
                                                                                                                                              16
                                                                                                                                              
+
                                                                                                                                              16
                                                                                                                                              
 
                                                                                                                                              16
                                                                                                                                              
+
                                                                                                                                              16
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Node 3
                                                                                                                                              
+
                                                                                                                                              Node 3
                                                                                                                                              
 
                                                                                                                                              best-effort
                                                                                                                                              
+
                                                                                                                                              best-effort
                                                                                                                                              
 
                                                                                                                                              20
                                                                                                                                              
+
                                                                                                                                              20
                                                                                                                                              
 
                                                                                                                                              20
                                                                                                                                              
+
                                                                                                                                              20
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
 
 
 
                                                                                                                                              
-
-
-
@@ -38,7 +36,7 @@
 
                                                                                                                                            11. The affected node belongs to the default node pool but it is configured with a non-default node pool label, which will affect the upgrade.
                                                                                                                                              If a node is migrated from a common node pool to the default node pool, the cce.cloud.com/cce-nodepool label will affect the cluster upgrade. Check whether load scheduling on the node depends on the label.
                                                                                                                                              
 
                                                                                                                                              • If no, delete the label.
                                                                                                                                              • If yes, modify the load balancing policy, remove the dependency, and then delete the label.
                                                                                                                                              
 
                                                                                                                                            12. The node is marked with a CNIProblem taint. Preferentially recover the node.
                                                                                                                                              The node contains a taint whose key is node.cloudprovider.kubernetes.io/cni-problem, and the effect is NoSchedule. The taint is added by the NPD add-on. Upgrade the NPD add-on to the latest version and check again. If the problem persists, contact technical support.
                                                                                                                                              
-
                                                                                                                                            13. The Kubernetes node corresponding to the affected node does not exist.
                                                                                                                                              It is possible that the node is being deleted. Check again later.
                                                                                                                                              
+
                                                                                                                                            14. The resources for the affected node in Kubernetes are not available. It is possible that the node is being deleted. Try again later.
                                                                                                                                              Recheck after the node is deleted.
                                                                                                                                              
 
                                                                                                                                            15. The OS running on the master node is EulerOS 2.5, which does not support the cluster to be upgraded to v1.27.5-r0.
                                                                                                                                              You can upgrade the version to 1.25 or 1.28. If you choose to upgrade the version to 1.28, EulerOS 2.5 will be upgraded to HCE 2.0 during the upgrade. If you have other requirements, submit a service ticket.
                                                                                                                                              
 
                                                                                                                                              16. 
diff --git a/docs/cce/umn/cce_10_0432.html b/docs/cce/umn/cce_10_0432.html
index c7ea5daab..9146119a6 100644
--- a/docs/cce/umn/cce_10_0432.html
+++ b/docs/cce/umn/cce_10_0432.html
@@ -5,7 +5,7 @@
 
                                                                                                                                              Solution
                                                                                                                                              CCE may temporarily restrict the cluster upgrade due to the following reasons:
                                                                                                                                              
 
                                                                                                                                              • The cluster is identified as the core production cluster.
                                                                                                                                              • Other O&M tasks are being or will be performed, for example, 3-AZ reconstruction on master nodes.
                                                                                                                                              
-
                                                                                                                                              To resolve this issue, contact technical support.
                                                                                                                                              
+
                                                                                                                                              To resolve this issue, contact technical support based on logs displayed on the console.
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0433.html b/docs/cce/umn/cce_10_0433.html
index 474859082..824e21107 100644
--- a/docs/cce/umn/cce_10_0433.html
+++ b/docs/cce/umn/cce_10_0433.html
@@ -2,12 +2,13 @@
 
 
                                                                                                                                              Add-ons
                                                                                                                                              
 
                                                                                                                                              Check Items
                                                                                                                                              Check the following items:
                                                                                                                                              
-
                                                                                                                                              • Check whether the add-on status is normal.
                                                                                                                                              • Check whether the add-on support the target version.
                                                                                                                                              
+
                                                                                                                                              • Check whether the add-on status is normal.
                                                                                                                                              • Check whether the add-on supports the target version.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              Solution
                                                                                                                                              • Scenario 1: The add-on malfunctions.
                                                                                                                                                Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane and obtain add-ons. Then, handle malfunctional add-ons.
                                                                                                                                                
-
                                                                                                                                              • Scenario 2: The target cluster version does not support the current add-on version.
                                                                                                                                                The add-on cannot be automatically upgraded with the cluster due to compatibility issues. In this case, log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane and manually upgrade the add-on.
                                                                                                                                                
-
                                                                                                                                              • Scenario 3: After the add-on is upgraded to the latest version, it is still not supported by the target cluster version.
                                                                                                                                                Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane and manually uninstall the add-on. For details about the supported add-on versions and substitutions, see the Help document.
                                                                                                                                                
-
                                                                                                                                              • Scenario 4: The add-on configuration does not meet the upgrade requirements. Upgrade the add-on and try again.
                                                                                                                                                The following error information is displayed during the pre-upgrade check:
                                                                                                                                                
+
                                                                                                                                              • Scenario 2: The target version of the cluster upgrade does not support the add-on.
                                                                                                                                                The following error information is displayed during the pre-upgrade check:
                                                                                                                                                
+
                                                                                                                                                addon [***] does not support cluster target version, check and try again
                                                                                                                                                
+
                                                                                                                                                Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane and manually uninstall the add-on. For details about the supported add-on versions and substitutions, see the Help document.
                                                                                                                                                
+
                                                                                                                                              • Scenario 3: The add-on configuration does not meet the upgrade requirements. Upgrade the add-on and try again.
                                                                                                                                                The following error information is displayed during the pre-upgrade check:
                                                                                                                                                
 
                                                                                                                                                please upgrade addon [ ] in the page of addon managecheck and try again
                                                                                                                                                
 
                                                                                                                                                In this case, log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane and manually upgrade the add-on.
                                                                                                                                                
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0435.html b/docs/cce/umn/cce_10_0435.html
index 8e317c66d..933d7bb32 100644
--- a/docs/cce/umn/cce_10_0435.html
+++ b/docs/cce/umn/cce_10_0435.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                              SSH Connectivity of Master Nodes
                                                                                                                                              
-
                                                                                                                                              Check Items
                                                                                                                                              Check whether your master nodes can be accessed using SSH.
                                                                                                                                              
+
                                                                                                                                              Check Items
                                                                                                                                              Check whether your master nodes can be accessed using SSH.
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              There is a low probability that the SSH connectivity check fails due to network fluctuations. Perform the pre-upgrade check again.
                                                                                                                                              
-
                                                                                                                                              If the check still fails, submit a service ticket to contact technical support.
                                                                                                                                              
+
                                                                                                                                              Solution
                                                                                                                                              There is a low probability that the SSH connectivity check fails due to network fluctuations. Perform the pre-upgrade check again.
                                                                                                                                              
+
                                                                                                                                              If the check still fails, submit a service ticket to contact technical support.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0436.html b/docs/cce/umn/cce_10_0436.html
index a33135422..52c69f82a 100644
--- a/docs/cce/umn/cce_10_0436.html
+++ b/docs/cce/umn/cce_10_0436.html
@@ -3,7 +3,7 @@
 
                                                                                                                                              Node Pools
                                                                                                                                              
 
                                                                                                                                              Check Items
                                                                                                                                              • Check the node pool status.
                                                                                                                                              • Check whether the node pool OS or container runtime is supported after the upgrade.
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              • Scenario: The node pool malfunctions.
                                                                                                                                                Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane and view the status of the affected node pool on the Node Pools tab. If the node pool is being scaled, wait until the node pool scaling is complete.
                                                                                                                                                
+
                                                                                                                                                Solution
                                                                                                                                                • Scenario: The node pool malfunctions.
                                                                                                                                                  Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane and check the status of the affected node pool on the Node Pools tab. If the node pool is being scaled, wait until the node pool scaling is complete.
                                                                                                                                                  
 
                                                                                                                                                • Scenario: The node pool OS is not supported.
                                                                                                                                                  The runtime and OS vary depending on the cluster version. This issue typically occurs when a cluster of an earlier version is upgraded to v1.27 or later. 
                                                                                                                                                  
 
                                                                                                                                                  Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane, view the status of the affected node pool on the Node Pools tab, and click Upgrade. Change the supported OSs based on the pre-upgrade check result, and click OK.
                                                                                                                                                  
 
                                                                                                                                                  If there are nodes in the affected node pool, choose More > Synchronize in the operation column to synchronize the OS of the existing nodes. For details, see Synchronizing Node Pools.
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0439.html b/docs/cce/umn/cce_10_0439.html
index 8c5e8aa2e..d4b176f7a 100644
--- a/docs/cce/umn/cce_10_0439.html
+++ b/docs/cce/umn/cce_10_0439.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                  Residual Nodes
                                                                                                                                                  
 
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether nodes need to be migrated.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before performing the upgrade again.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  This issue is caused by either an error in the node's package pull component or the absence of key system components on the node, which could be due to an upgrade from an earlier version.
                                                                                                                                                  
 
                                                                                                                                                  Solution 1
                                                                                                                                                  
 
                                                                                                                                                  Log in to the CCE console and click the cluster name to access the cluster console. Choose Nodes in the navigation pane. Locate the row containing the target node and choose More > Reset Node in the Operation column. For details, see Resetting a Node. After the node is reset, retry the check task.
                                                                                                                                                  
 
                                                                                                                                                   
                                                                                                                                                  Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0440.html b/docs/cce/umn/cce_10_0440.html
index 327d8670d..a587b2499 100644
--- a/docs/cce/umn/cce_10_0440.html
+++ b/docs/cce/umn/cce_10_0440.html
@@ -3,11 +3,14 @@
 
                                                                                                                                                  Discarded Kubernetes Resources
                                                                                                                                                  
 
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether there are discarded resources in the clusters.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  Scenario: The Service in the clusters of v1.25 or later has discarded annotation: tolerate-unready-endpoints.
                                                                                                                                                  
-
                                                                                                                                                  Error log:
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  • Scenario 1: The Service in the clusters of v1.25 or later has discarded annotation tolerate-unready-endpoints.
                                                                                                                                                    Error log:
                                                                                                                                                    
 
                                                                                                                                                    some check failed in cluster upgrade: this cluster has deprecated service list: map[***] with deprecated annotation list [tolerate-unready-endpoints]
                                                                                                                                                    
-
                                                                                                                                                    Check whether the Service provided in the log information contains the annotation of tolerate-unready-endpoints. If yes, replace the annotation with the following fields:
                                                                                                                                                    
-
                                                                                                                                                    publishNotReadyAddresses: true
                                                                                                                                                    
+
                                                                                                                                                    Check whether the Service provided in the log information contains the annotation tolerate-unready-endpoint. If so, replace the annotation with the following fields in Service spec:
                                                                                                                                                    
+
                                                                                                                                                    publishNotReadyAddresses: true
                                                                                                                                                    
+
                                                                                                                                                  • Scenario 2: The Service in the clusters of v1.27 or later has discarded annotation service.kubernetes.io/topology-aware-hints.
                                                                                                                                                    Error log:
                                                                                                                                                    
+
                                                                                                                                                    some check failed in cluster upgrade: this cluster has deprecated service list: map[***] with deprecated annotation list [service.kubernetes.io/topology-aware-hints]
                                                                                                                                                    
+
                                                                                                                                                    Check whether the Service provided in the log information contains the annotation service.kubernetes.io/topology-aware-hints. If so, replace it with the annotation service.kubernetes.io/topology-mode in the affected Service.
                                                                                                                                                    
+
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0442.html b/docs/cce/umn/cce_10_0442.html
index 4cab0b431..6f88cee0a 100644
--- a/docs/cce/umn/cce_10_0442.html
+++ b/docs/cce/umn/cce_10_0442.html
@@ -9,9 +9,8 @@
 
                                                                                                                                                  Perform the pre-upgrade check again.
                                                                                                                                                  
 
                                                                                                                                                • Scenario 2: The error message "your cce-agent is not the latest version" is displayed.
                                                                                                                                                  cce-agent is not of the latest version, and the automatic update failed. This issue is typically caused by an invalid OBS path or the component version is outdated.
                                                                                                                                                  
 
                                                                                                                                                  Solution
                                                                                                                                                  
-
                                                                                                                                                  1. Log in to a node where the check succeeded, obtain the path of the cce-agent configuration file, and obtain the OBS address.
                                                                                                                                                    cat `ps aux | grep cce-agent | grep -v grep | awk -F '-f ' '{print $2}'`
                                                                                                                                                    
-
                                                                                                                                                    The OBS configuration address field in the configuration file is packageFrom.addr.
                                                                                                                                                    
-
                                                                                                                                                    Figure 1 OBS address
                                                                                                                                                    
+
                                                                                                                                                    1. Log in to the affected node and run the following command to obtain a valid OBS address:
                                                                                                                                                      cat /home/paas/upgrade/agentConfig | python -m json.tool
                                                                                                                                                      
+
                                                                                                                                                      
 
                                                                                                                                                    2. Log in to a where the check failed, obtain the OBS address again by referring to the previous step, and check whether the OBS addresses are the same. If they are different, change the OBS address of the abnormal node to the correct address.
                                                                                                                                                    3. Run the following commands to download the latest binary file:
                                                                                                                                                      • x86
                                                                                                                                                        curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent" > /tmp/cce-agent
                                                                                                                                                        
 
                                                                                                                                                      • Arm
                                                                                                                                                        curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent-arm" > /tmp/cce-agent-arm
                                                                                                                                                        
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0443.html b/docs/cce/umn/cce_10_0443.html
index 6a588fee3..13990b337 100644
--- a/docs/cce/umn/cce_10_0443.html
+++ b/docs/cce/umn/cce_10_0443.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                      Node CPU Usage
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the CPU usage of the node exceeds 90%.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the node's CPU usage is above 90%.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      • Upgrade the cluster during off-peak hours.
                                                                                                                                                      • Check whether too many pods are deployed on the node. If yes, reschedule pods to other idle nodes.
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0449.html b/docs/cce/umn/cce_10_0449.html
index 48bd831cc..8549e3152 100644
--- a/docs/cce/umn/cce_10_0449.html
+++ b/docs/cce/umn/cce_10_0449.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                      Node Memory
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the memory usage of the node exceeds 90%.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the node's memory usage is above 90%.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      • Upgrade the cluster during off-peak hours.
                                                                                                                                                      • Check whether too many pods are deployed on the node. If yes, reschedule pods to other idle nodes.
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0450.html b/docs/cce/umn/cce_10_0450.html
index 467576b65..d862f2bae 100644
--- a/docs/cce/umn/cce_10_0450.html
+++ b/docs/cce/umn/cce_10_0450.html
@@ -5,11 +5,11 @@
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      • Scenario 1: ntpd is running abnormally.
                                                                                                                                                        Log in to the node and run the systemctl status ntpd command to obtain the running status of ntpd. If the command output is abnormal, run the systemctl restart ntpd command and obtain the status again.
                                                                                                                                                        
 
                                                                                                                                                        The normal command output is as follows:
                                                                                                                                                        
-
                                                                                                                                                        Figure 1 Running status of ntpd
                                                                                                                                                        
+
                                                                                                                                                        Figure 1 Running status of ntpd
                                                                                                                                                        
 
                                                                                                                                                        If the problem persists after ntpd is restarted, contact technical support.
                                                                                                                                                        
 
                                                                                                                                                      • Scenario 2: chronyd is running abnormally.
                                                                                                                                                        Log in to the node and run the systemctl status chronyd command to obtain the running status of chronyd. If the command output is abnormal, run the systemctl restart chronyd command and obtain the status again.
                                                                                                                                                        
 
                                                                                                                                                        The normal command output is as follows:
                                                                                                                                                        
-
                                                                                                                                                        Figure 2 Running status of chronyd
                                                                                                                                                        
+
                                                                                                                                                        Figure 2 Running status of chronyd
                                                                                                                                                        
 
                                                                                                                                                        If the problem persists after chronyd is restarted, contact technical support.
                                                                                                                                                        
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0452.html b/docs/cce/umn/cce_10_0452.html
index 6fa05bcbf..7403267a1 100644
--- a/docs/cce/umn/cce_10_0452.html
+++ b/docs/cce/umn/cce_10_0452.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                      Node CPU Cores
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Solution
                                                                                                                                                      The number of CPU cores on the master nodes is 2, which may lead to a cluster upgrade failure.
                                                                                                                                                      
-
                                                                                                                                                      Contact technical support to expand the number of CPU cores to four or more.
                                                                                                                                                      
+
                                                                                                                                                      Solution
                                                                                                                                                      The number of CPU cores on the master nodes is 2, which may lead to a cluster upgrade failure.
                                                                                                                                                      
+
                                                                                                                                                      Contact technical support to expand the number of CPU cores to four or more.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0453.html b/docs/cce/umn/cce_10_0453.html
index b33ed3a7b..e18617796 100644
--- a/docs/cce/umn/cce_10_0453.html
+++ b/docs/cce/umn/cce_10_0453.html
@@ -7,7 +7,7 @@
 echo $?
 
                                                                                                                                                      If the command output is not 0, the check fails.
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Solution
                                                                                                                                                      Install Python before the upgrade.
                                                                                                                                                      
+
                                                                                                                                                      Solution
                                                                                                                                                      Reset the node or manually install Python before attempting the upgrade again.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0456.html b/docs/cce/umn/cce_10_0456.html
index 8ffc43a1a..7e204abc8 100644
--- a/docs/cce/umn/cce_10_0456.html
+++ b/docs/cce/umn/cce_10_0456.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the command output is abnormal, run the systemctl restart systemd-journald command and obtain the status again.
                                                                                                                                                      
 
                                                                                                                                                      The normal command output is as follows:
                                                                                                                                                      
-
                                                                                                                                                      Figure 1 Running status of journald
                                                                                                                                                      
+
                                                                                                                                                      Figure 1 Running status of journald
                                                                                                                                                      
 
                                                                                                                                                      If the problem persists after journald is restarted, contact technical support.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0457.html b/docs/cce/umn/cce_10_0457.html
index db3a8f13b..282f29e65 100644
--- a/docs/cce/umn/cce_10_0457.html
+++ b/docs/cce/umn/cce_10_0457.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                      containerd.sock
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the containerd.sock file is on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      Scenario: The Docker used by the node is the customized Euler-docker.
                                                                                                                                                      
-
                                                                                                                                                      1. Log in to the node.
                                                                                                                                                      2. Run the rpm -qa | grep docker | grep euleros command. If the command output is not empty, the Docker used on the node is Euler-docker.
                                                                                                                                                      3. Run the ls /run/containerd/containerd.sock command. If the file exists, Docker startup will fail.
                                                                                                                                                      4. Run the rm -rf /run/containerd/containerd.sock command and perform the cluster upgrade check again.
                                                                                                                                                      
+
                                                                                                                                                      1. Log in to the node.
                                                                                                                                                      2. Run the rpm -qa | grep docker | grep euleros command. If the command output is not empty, the Docker used on the node is Euler-docker.
                                                                                                                                                      3. Run the stat /run/containerd/containerd.sock command. If the file exists, Docker startup will fail.
                                                                                                                                                      4. Run the rm -rf /run/containerd/containerd.sock command and perform the cluster upgrade check again.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0458.html b/docs/cce/umn/cce_10_0458.html
index 82a7ccba4..d713962eb 100644
--- a/docs/cce/umn/cce_10_0458.html
+++ b/docs/cce/umn/cce_10_0458.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                      Internal Error
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      This check item is not typical and implies that an internal error was found during the pre-upgrade check.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      This check item is not typical and implies that an internal error was found during the pre-upgrade check.
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Solution
                                                                                                                                                      Perform the pre-upgrade check again.
                                                                                                                                                      
-
                                                                                                                                                      If it fails again, submit a service ticket to contact technical support.
                                                                                                                                                      
+
                                                                                                                                                      Solution
                                                                                                                                                      Perform the pre-upgrade check again.
                                                                                                                                                      
+
                                                                                                                                                      If it fails again, submit a service ticket to contact technical support.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0459.html b/docs/cce/umn/cce_10_0459.html
index e55e41e2a..88dde4e2d 100644
--- a/docs/cce/umn/cce_10_0459.html
+++ b/docs/cce/umn/cce_10_0459.html
@@ -1,16 +1,25 @@
 
 
 
                                                                                                                                                      Node Mount Points
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether inaccessible mount points exist on the node.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether there are inaccessible mount points on the node.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      Scenario: There are inaccessible mount points on the node.
                                                                                                                                                      
 
                                                                                                                                                      If NFS (such as obsfs or SFS) is used by the node and the node is disconnected from the NFS server, the mount point would be inaccessible and all processes that access this mount point are in D state.
                                                                                                                                                      
-
                                                                                                                                                      1. Log in to the node.
                                                                                                                                                      2. Run the following commands on the node in sequence:
                                                                                                                                                        - df -h
-- for dir in `df -h | grep -v "Mounted on" | awk "{print \\$NF}"`;do cd $dir; done && echo "ok"
                                                                                                                                                        
-
                                                                                                                                                      3. If ok is returned, no problem occurs.
                                                                                                                                                        Otherwise, start another terminal and run the following command to check whether the previous command is in the D state:
                                                                                                                                                        - ps aux | grep "D "
                                                                                                                                                        
-
                                                                                                                                                        
-
                                                                                                                                                      4. If a process is in the D state, the problem occurs. You can restart the node to solve the problem. Restart the node and upgrade the cluster again.
                                                                                                                                                         
                                                                                                                                                        Workloads running on the node will be rescheduled after a node is restarted. Check whether services will be affected before restarting the node.
                                                                                                                                                        
-
                                                                                                                                                        
+
                                                                                                                                                        1. Log in to the node.
                                                                                                                                                        2. Create a script file, for example, /tmp/check_hang_mount.sh on the node. The content of the script file is as follows:
                                                                                                                                                          for mount_path in `cat /proc/self/mountinfo | awk '{print $5}' | grep -v netns`
+do  
+    timeout 10 sh -c "cd $mount_path"
+    if [ $? == 124 ];then
+        echo "$mount_path hang mount"
+    fi
+done
                                                                                                                                                          
+
                                                                                                                                                        3. Run the saved script and check the output.
                                                                                                                                                          
+
                                                                                                                                                          The mount points of the /root/foo and /root/bar folders are incorrect.
                                                                                                                                                          
+
                                                                                                                                                        4. Run the following command to check the suspended mount points:
                                                                                                                                                          mount -n | grep /root/foo
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          When a mount point is suspended, it typically indicates that services are not using it anymore. After confirming that the mount point is no longer required, run the following command to unmount it and then re-execute the previously mentioned script:
                                                                                                                                                          
+
                                                                                                                                                          umount -l -f localhost:/tmp/nfs
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          After the execution, perform the check again on the pre-upgrade check page.
                                                                                                                                                          
 
                                                                                                                                                        
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0460.html b/docs/cce/umn/cce_10_0460.html
index 3d6cb70a2..5075f2907 100644
--- a/docs/cce/umn/cce_10_0460.html
+++ b/docs/cce/umn/cce_10_0460.html
@@ -19,7 +19,7 @@
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      Scenario 1: The node is skipped during the cluster upgrade.
                                                                                                                                                      
-
                                                                                                                                                      1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                      2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                                                                        Figure 1 kubelet version
                                                                                                                                                        
+
                                                                                                                                                        1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                        2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                                                                          Figure 1 kubelet version
                                                                                                                                                          
 
                                                                                                                                                          If the version of the node is different from that of other nodes, the node is skipped during the upgrade. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                                                                          
 
                                                                                                                                                           
                                                                                                                                                          Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                          
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0462.html b/docs/cce/umn/cce_10_0462.html
index bed656290..1590f27ce 100644
--- a/docs/cce/umn/cce_10_0462.html
+++ b/docs/cce/umn/cce_10_0462.html
@@ -60,7 +60,7 @@
 
                                                                                                                                              Table 1 Cluster status
                                                                                                                                              Status
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Description
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0431.html b/docs/cce/umn/cce_10_0431.html
index 5d9b22ec1..32b029138 100644
--- a/docs/cce/umn/cce_10_0431.html
+++ b/docs/cce/umn/cce_10_0431.html
@@ -22,14 +22,12 @@
 
                                                                                                                                              
 
                                                                                                                                              Ubuntu
                                                                                                                                              
 
                                                                                                                                              If the check result shows that the upgrade is not supported due to regional restrictions, contact technical support.
                                                                                                                                              
-
                                                                                                                                               NOTE: 
                                                                                                                                              If the target version is v1.27 or later, only Ubuntu 22.04 supports the upgrade.
                                                                                                                                              
-
                                                                                                                                              
+
                                                                                                                                              If the target version is v1.27 or later, only Ubuntu 22.04 supports the upgrade.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              HCE OS 2.0
                                                                                                                                              
+
                                                                                                                                              HCE OS 2.0
                                                                                                                                              
 
                                                                                                                                              If the check result shows that the upgrade is not supported due to regional restrictions, contact technical support.
                                                                                                                                              
+
                                                                                                                                              Unlimited
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
 
 
 
 
                                                                                                                                              
 
                                                                                                                                              
 
-
                                                                                                                                              Mapping between Node OSs and Container Engines
                                                                                                                                               
                                                                                                                                              • VPC network clusters of v1.23 or later versions support containerd. Tunnel network clusters of v1.23.2-r0 or later versions support containerd.
                                                                                                                                              
+
                                                                                                                                              Mapping Between Node OSs and Container Engines
                                                                                                                                               
                                                                                                                                              VPC network clusters of v1.23 or later versions support containerd. Tunnel network clusters of v1.23.2-r0 or later versions support containerd.
                                                                                                                                              
 
                                                                                                                                              
 
 
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0477.html b/docs/cce/umn/cce_10_0477.html
index d6445089c..552c2e332 100644
--- a/docs/cce/umn/cce_10_0477.html
+++ b/docs/cce/umn/cce_10_0477.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                              Service Account Token Security Improvement
                                                                                                                                              In clusters earlier than v1.21, a token is obtained by mounting the secret of the service account to a pod. Tokens obtained this way are permanent. This approach is no longer recommended starting from version 1.21. Service accounts will stop auto creating secrets in clusters from version 1.25.
                                                                                                                                              
-
                                                                                                                                              In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period (one hour by default). Before expiration, Kubelet refreshes the token to ensure that the pod always uses a valid token. When the mounting pod is deleted, the token automatically becomes invalid. This approach is implemented by the BoundServiceAccountTokenVolume feature to improve the token security of the service account. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                              
+
                                                                                                                                              In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period (one hour by default). Before expiration, kubelet refreshes the token to ensure that the pod always uses a valid token. When the mounting pod is deleted, the token automatically becomes invalid. This approach is implemented by the BoundServiceAccountTokenVolume feature to improve the token security of the service account. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                              
 
                                                                                                                                              For smooth transition, the community extends the token validity period to one year by default. After one year, the token becomes invalid, and clients that do not support certificate reloading cannot access the API server. It is recommended that clients of earlier versions be upgraded as soon as possible. Otherwise, service faults may occur.
                                                                                                                                              
 
                                                                                                                                              If you use a Kubernetes client of a to-be-outdated version, the certificate reloading may fail. Versions of officially supported Kubernetes client libraries able to reload tokens are as follows:
                                                                                                                                              
 
                                                                                                                                              • Go: >= v0.15.7
                                                                                                                                              • Python: >= v12.0.0
                                                                                                                                              • Java: >= v9.0.0
                                                                                                                                              • Javascript: >= v0.10.3
                                                                                                                                              • Ruby: master branch
                                                                                                                                              • Haskell: v0.3.0.0
                                                                                                                                              • C#: >= 7.0.5
                                                                                                                                              
@@ -11,7 +11,7 @@
 
                                                                                                                                              Diagnosis
                                                                                                                                              Perform the following steps to check your CCE clusters of v1.21 or later:
                                                                                                                                              
 
                                                                                                                                              1. Use kubectl to access the cluster and run the kubectl get --raw "/metrics" | grep stale command to obtain the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                                                                                If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                                                                                
-
                                                                                                                                                
+
                                                                                                                                                
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0479.html b/docs/cce/umn/cce_10_0479.html
index a7e7f3106..8be6468ec 100644
--- a/docs/cce/umn/cce_10_0479.html
+++ b/docs/cce/umn/cce_10_0479.html
@@ -1,10 +1,10 @@
 
                                                                                                                                              cce-hpa-controller Limitations
                                                                                                                                              
-
                                                                                                                                              Check Items
                                                                                                                                              Check whether there are compatibility limitations between the current and target cce-controller-hpa add-on versions.
                                                                                                                                              
+
                                                                                                                                              Check Items
                                                                                                                                              Check whether there are compatibility limitations between the current and target cce-controller-hpa add-on versions.
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              There are compatibility limitations between the current and target versions of the cce-controller-hpa add-on. To address this, install an add-on that provides metrics APIs, like metrics-server, in the cluster.
                                                                                                                                              
-
                                                                                                                                              Install the metrics add-on in the cluster and try again.
                                                                                                                                              
+
                                                                                                                                              Solution
                                                                                                                                              There are compatibility limitations between the current and target versions of the cce-controller-hpa add-on. To address this, install an add-on that provides metrics APIs, like metrics-server, in the cluster.
                                                                                                                                              
+
                                                                                                                                              Install the metrics add-on in the cluster and try again.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0484.html b/docs/cce/umn/cce_10_0484.html
index f433025fd..2892cb461 100644
--- a/docs/cce/umn/cce_10_0484.html
+++ b/docs/cce/umn/cce_10_0484.html
@@ -1,12 +1,12 @@
 
 
 
                                                                                                                                              Health of Worker Node Components
                                                                                                                                              
-
                                                                                                                                              Check Items
                                                                                                                                              Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                              
+
                                                                                                                                              Check Items
                                                                                                                                              Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              • Issue 1: CNI Agent is not active.
                                                                                                                                                If your cluster version is earlier than v1.17.17, or you are using the underlay_ipvlan network model and your cluster version is later than v1.17.17, log in to the node and run the systemctl status canal command to check the status of canal. If you encounter an error, run the systemctl restart canal command and check the status again.
                                                                                                                                                
-
                                                                                                                                                If you are using the VPC or Cloud Native 2.0 network model and your cluster version is later than v1.17.17, log in to the node and run the systemctl status yangtse command to check the status of Yangtse. If you encounter an error, run the systemctl restart yangtse command and check the status again.
                                                                                                                                                
-
                                                                                                                                              • Issue 2: kube-proxy is not active.
                                                                                                                                                Log in to the node and run the systemctl is-active kube-proxy command to check the status of kube-proxy. If you encounter an error, run the systemctl restart kube-proxy command and check the status again.
                                                                                                                                                
-
                                                                                                                                                If the fault persists, reset the node. For details, see Resetting a Node.
                                                                                                                                                
+
                                                                                                                                                Solution
                                                                                                                                                • Issue 1: CNI Agent is not active.
                                                                                                                                                  If your cluster version is earlier than v1.17.17, or you are using the underlay_ipvlan network model and your cluster version is later than v1.17.17, log in to the node and run the systemctl status canal command to check the status of canal. If you encounter an error, run the systemctl restart canal command and check the status again.
                                                                                                                                                  
+
                                                                                                                                                  If you are using the VPC or Cloud Native 2.0 network model and your cluster version is later than v1.17.17, log in to the node and run the systemctl status yangtse command to check the status of Yangtse. If you encounter an error, run the systemctl restart yangtse command and check the status again.
                                                                                                                                                  
+
                                                                                                                                                • Issue 2: kube-proxy is not active.
                                                                                                                                                  Log in to the node and run the systemctl is-active kube-proxy command to check the status of kube-proxy. If you encounter an error, run the systemctl restart kube-proxy command and check the status again.
                                                                                                                                                  
+
                                                                                                                                                  If the fault persists, reset the node. For details, see Resetting a Node.
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0485.html b/docs/cce/umn/cce_10_0485.html
index 286d2299d..0d94f19fc 100644
--- a/docs/cce/umn/cce_10_0485.html
+++ b/docs/cce/umn/cce_10_0485.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                              Health of Master Node Components
                                                                                                                                              
-
                                                                                                                                              Check Items
                                                                                                                                              Check whether cluster components such as the Kubernetes component, container runtime component, and network component are running properly before the upgrade.
                                                                                                                                              
+
                                                                                                                                              Check Items
                                                                                                                                              Check whether cluster components such as the Kubernetes component, container runtime component, and network component are running properly before the upgrade.
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              Perform the pre-upgrade check again.
                                                                                                                                              
-
                                                                                                                                              If it fails again, submit a service ticket to contact technical support.
                                                                                                                                              
+
                                                                                                                                              Solution
                                                                                                                                              Perform the pre-upgrade check again.
                                                                                                                                              
+
                                                                                                                                              If it fails again, submit a service ticket to contact technical support.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0489.html b/docs/cce/umn/cce_10_0489.html
index 9bdca3895..32485c011 100644
--- a/docs/cce/umn/cce_10_0489.html
+++ b/docs/cce/umn/cce_10_0489.html
@@ -4,7 +4,7 @@
 
                                                                                                                                              Check Items
                                                                                                                                              Check whether NetworkManager of a node is normal.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              Solution
                                                                                                                                              Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager. If the command output is abnormal, run the systemctl restart NetworkManager command and obtain the status again.
                                                                                                                                              
-
                                                                                                                                              If the problem persists after NetworkManager is restarted, contact technical support.
                                                                                                                                              
+
                                                                                                                                              If the fault persists, reset the node. For details, see Resetting a Node. Alternatively, contact technical support to restore the file and then perform the upgrade.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0492.html b/docs/cce/umn/cce_10_0492.html
index 2779463ca..2d9d6b9aa 100644
--- a/docs/cce/umn/cce_10_0492.html
+++ b/docs/cce/umn/cce_10_0492.html
@@ -51,7 +51,7 @@
 
                                                                                                                                              Table 2 Node OSs and container engines in CCE clusters
                                                                                                                                              OS
                                                                                                                                              
@@ -431,8 +431,10 @@
 
 
                                                                                                                                              Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling. Therefore, containerd is more resource-saving and secure.
                                                                                                                                              
 
-
                                                                                                                                              Container Engine Versions
                                                                                                                                              • Docker
                                                                                                                                                • EulerOS/CentOS: docker-engine 18.9.0, a Docker version customized for CCE. Security vulnerabilities will be fixed in a timely manner.
                                                                                                                                                
-
                                                                                                                                              • containerd: 1.6.14
                                                                                                                                              
+
                                                                                                                                              Container Engine Versions
                                                                                                                                              • Docker
                                                                                                                                                • EulerOS/CentOS: docker-engine 18.9.0, a Docker version customized for CCE. Security vulnerabilities will be fixed promptly.
                                                                                                                                                
+
                                                                                                                                              • containerd: 1.6.14
                                                                                                                                                 
                                                                                                                                                If the cluster version is v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, or later, upgrade containerd to 1.7.16.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0476.html b/docs/cce/umn/cce_10_0476.html
index 0fcb5df11..fe07e7189 100644
--- a/docs/cce/umn/cce_10_0476.html
+++ b/docs/cce/umn/cce_10_0476.html
@@ -22,28 +22,39 @@
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              HCE OS 2.0
                                                                                                                                              
+
                                                                                                                                              HCE OS 2.0
                                                                                                                                              
 
                                                                                                                                              v1.29
                                                                                                                                              
+
                                                                                                                                              v1.30
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                              
+
                                                                                                                                              5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              v1.29
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                              
+
                                                                                                                                              5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                              
+
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.27
                                                                                                                                              
@@ -54,7 +65,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                              
+
                                                                                                                                              5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.25
                                                                                                                                              
@@ -65,31 +76,42 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                              
+
                                                                                                                                              5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Ubuntu 22.04
                                                                                                                                              
+
                                                                                                                                              Ubuntu 22.04
                                                                                                                                              
 
                                                                                                                                              v1.29
                                                                                                                                              
+
                                                                                                                                              v1.30
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              x
                                                                                                                                              
+
                                                                                                                                              x
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.15.0-53-generic
                                                                                                                                              
+
                                                                                                                                              5.15.0-113-generic
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              v1.29
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              x
                                                                                                                                              
+
                                                                                                                                              x
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.15.0-53-generic
                                                                                                                                              
+
                                                                                                                                              5.15.0-113-generic
                                                                                                                                              
+
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              x
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              5.15.0-113-generic
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.27
                                                                                                                                              
@@ -100,7 +122,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.15.0-53-generic
                                                                                                                                              
+
                                                                                                                                              5.15.0-113-generic
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.25
                                                                                                                                              
@@ -111,31 +133,42 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              5.15.0-53-generic
                                                                                                                                              
+
                                                                                                                                              5.15.0-113-generic
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              EulerOS release 2.9
                                                                                                                                              
+
                                                                                                                                              EulerOS release 2.9
                                                                                                                                              
 
                                                                                                                                              v1.29
                                                                                                                                              
+
                                                                                                                                              v1.30
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              v1.29
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              v1.28
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              √
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.27
                                                                                                                                              
@@ -146,7 +179,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.25
                                                                                                                                              
@@ -157,7 +190,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.23
                                                                                                                                              
@@ -168,7 +201,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.21
                                                                                                                                              
@@ -179,7 +212,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              v1.19
                                                                                                                                              
@@ -190,53 +223,7 @@
                                                                                                                                               		
 
                                                                                                                                              √
                                                                                                                                              
 
                                                                                                                                              4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                              
-
                                                                                                                                              EulerOS release 2.5
                                                                                                                                              
-
                                                                                                                                              v1.25
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                              
-
                                                                                                                                              v1.23
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                              
-
                                                                                                                                              v1.21
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                              
-
                                                                                                                                              v1.19
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              √
                                                                                                                                              
-
                                                                                                                                              3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                              
+
                                                                                                                                              4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
 
 
 
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              Contact technical support to restore the configuration file and then perform the upgrade.
                                                                                                                                              
+
                                                                                                                                              Solution
                                                                                                                                              Reset the node. For details, see Resetting a Node. Alternatively, contact technical support to restore the file and then perform the upgrade.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0493.html b/docs/cce/umn/cce_10_0493.html
index 9aac64556..18d240d6d 100644
--- a/docs/cce/umn/cce_10_0493.html
+++ b/docs/cce/umn/cce_10_0493.html
@@ -22,7 +22,7 @@ exit(1);
 " > corefile_record.txt
 cat corefile_record.txt
 
                                                                                                                                            16. Compare the output differences between 2 and 3.
                                                                                                                                              diff corefile_now.txt corefile_record.txt -y;
                                                                                                                                              
-
                                                                                                                                              Figure 1 Viewing output differences
                                                                                                                                              
+
                                                                                                                                              Figure 1 Viewing output differences
                                                                                                                                              
 
                                                                                                                                            17. Return to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, select CoreDNS, and click Upgrade.
                                                                                                                                              To retain custom configurations, use either of the following methods:
                                                                                                                                              • (Recommended) Set parameterSyncStrategy to inherit. In this case, custom settings are automatically inherited. The system automatically parses, identifies, and inherits custom parameters.
                                                                                                                                              • Set parameterSyncStrategy to force. Manually enter the differential configuration. For details, see CoreDNS.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                            18. Click OK. After the add-on upgrade is complete, check whether all CoreDNS instances are available and whether Corefile meets the expectation.
                                                                                                                                              kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}'
                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0494.html b/docs/cce/umn/cce_10_0494.html
index 16774eb3a..a8135df7e 100644
--- a/docs/cce/umn/cce_10_0494.html
+++ b/docs/cce/umn/cce_10_0494.html
@@ -5,6 +5,7 @@
 
                                                                                                                                              19. 
 
                                                                                                                                              Solution
                                                                                                                                              • Scenario 1: The sudo command fails to be executed.
                                                                                                                                                During the in-place cluster upgrade, the sudo command must be available. Log in to the node and run the following command to check whether the sudo command is available:
                                                                                                                                                
 
                                                                                                                                                sudo echo hello
                                                                                                                                                
+
                                                                                                                                                If the sudo command is unavailable, copy this command from another node to the target node.
                                                                                                                                                
 
                                                                                                                                              
 
                                                                                                                                              • Scenario 2: Key files cannot be modified.
                                                                                                                                                During the in-place cluster upgrade, the /etc/sudoers and /etc/sudoers.d/sudoerspaas files are modified to obtain the sudo permission and update the components (such as Docker and kubelet) whose owner and owner group are root and related configuration files on the node. Log in to the node and run the following command to check whether the file can be modified:
                                                                                                                                                
 
                                                                                                                                                lsattr -l /etc/sudoers.d/sudoerspaas /etc/sudoers
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0495.html b/docs/cce/umn/cce_10_0495.html
index 38b4240da..06f095c20 100644
--- a/docs/cce/umn/cce_10_0495.html
+++ b/docs/cce/umn/cce_10_0495.html
@@ -4,21 +4,15 @@
 
                                                                                                                                                Check Items
                                                                                                                                                Whether some key commands that the node upgrade depends on are working
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                Solution
                                                                                                                                                • Scenario 1: Executing the package manager command failed.
                                                                                                                                                  Executing the rpm or dpkg command failed. In this case, log in to the affected node and check whether the following commands are available:
                                                                                                                                                  
-
                                                                                                                                                  • rpm:
                                                                                                                                                    rpm -qa
                                                                                                                                                    
-
                                                                                                                                                    Run the following command for recovery:
                                                                                                                                                    rpm --rebuilddb
                                                                                                                                                    
+
                                                                                                                                                    rpm -qa
                                                                                                                                                    
+
                                                                                                                                                    If the preceding command is unavailable, run the following command:
                                                                                                                                                    rpm --rebuilddb
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                  • dpkg:
                                                                                                                                                    dpkg -l
                                                                                                                                                    
-
                                                                                                                                                    Run the following command for recovery:
                                                                                                                                                    dpkg --configure -a
                                                                                                                                                    
-
                                                                                                                                                    
-
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                                • Scenario 2: The systemctl status command fails to be executed.
                                                                                                                                                  If the systemctl status command on a node is unavailable, many check items will be affected. Log in to the node and check the availability of the following commands:
                                                                                                                                                  
 
                                                                                                                                                  systemctl status kubelet
                                                                                                                                                  
+
                                                                                                                                                  If the fault persists, reset the node. For details, see Resetting a Node.
                                                                                                                                                  
 
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                                • Scenario 3: Executing the Python command failed.
                                                                                                                                                  Check whether the command can be executed on the node.
                                                                                                                                                  /usr/bin/python --version 
                                                                                                                                                  
-
                                                                                                                                                  
-
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0497.html b/docs/cce/umn/cce_10_0497.html
index 603f66d26..c4a073480 100644
--- a/docs/cce/umn/cce_10_0497.html
+++ b/docs/cce/umn/cce_10_0497.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                1. Log in to the ELB console, choose Elastic Load Balance > Certificates, locate the certificate, and find the secret_id in the certificate description.
                                                                                                                                                  The secret_id is the metadata.uid of the secret in the cluster. Use this UID to obtain the secret name in the cluster.
                                                                                                                                                  
 
                                                                                                                                                  Run the following kubectl command to obtain the secret name (replace <secret_id> with the actual value):
                                                                                                                                                  kubectl get secret --all-namespaces -o jsonpath='{range .items[*]}{"uid:"}{.metadata.uid}{" namespace:"}{.metadata.namespace}{" name:"}{.metadata.name}{"\n"}{end}' | grep <secret_id>
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                2. Only clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, and later versions support certificates required by load balancers. For clusters of the earlier versions, see Solution 1. For clusters of other versions, see Solution 2.
                                                                                                                                                  • Solution 1: Replace the certificate used by an ingress with the one used by the load balancer. Then, you can create or edit the certificate on the ELB console.
                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, locate the row containing the ingress that uses the certificate, and choose More > Update in the Operation column. If multiple ingresses are using this certificate, update the certificate for all of these ingresses. To check which ingresses are using a certificate, use the secretName parameter in spec.tls of the ingress YAML files.
                                                                                                                                                      Run the following kubectl command to obtain the ingresses using a certificate (replace <secret_name> with the actual value):
                                                                                                                                                      
+
                                                                                                                                                    2. Only clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, and later versions support certificates required by load balancers. For clusters of the earlier versions, see Solution 1. For clusters of other versions, see Solution 2.
                                                                                                                                                      • Solution 1: Replace the certificate used by an ingress with the one used by the load balancer. Then, you can create or edit the certificate on the ELB console.
                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, locate the row containing the ingress that uses the certificate, and choose More > Update in the Operation column. If multiple ingresses are using this certificate, update the certificate for all of these ingresses. To check which ingresses are using a certificate, use the secretName parameter in spec.tls of the ingress YAML files.
                                                                                                                                                          Run the following kubectl command to obtain the ingresses using a certificate (replace <secret_name> with the actual value):
                                                                                                                                                          
 
                                                                                                                                                          kubectl get ingress --all-namespaces -o jsonpath='{range .items[*]}{"namespace:"}{.metadata.namespace}{" name:"}{.metadata.name}{" tls:"}{.spec.tls[*]}{"\n"}{end}' | grep <secret_name>
                                                                                                                                                          
 
                                                                                                                                                        2. When configuring a listener, select ELB server certificate for Certificate Source and click OK. In this way, the certificate can be created or edited on the ELB console.
                                                                                                                                                        3. On the ConfigMaps and Secrets page, delete the target secret. Before the deletion, back up data.
                                                                                                                                                        
 
                                                                                                                                                      • Solution 2: Overwrite the certificate used by an ingress with the corresponding secret resource of the cluster to prevent the certificate being updated on the ELB console during the cluster upgrade.
                                                                                                                                                        Log in to the CCE console and click the cluster name to access the cluster console. Choose ConfigMaps and Secrets from the navigation pane, click the Secrets tab, locate the row containing the target secret, click Update in the Operation column, and enter the certificate you are using.
                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0498.html b/docs/cce/umn/cce_10_0498.html
index 95bae5d9c..de1a967d9 100644
--- a/docs/cce/umn/cce_10_0498.html
+++ b/docs/cce/umn/cce_10_0498.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                      
 
                                                                                                                                                
 
                                                                                                                                                Solution
                                                                                                                                                How Do I Check Whether a Disk Is Shared?
                                                                                                                                                
-
                                                                                                                                                1. Log in to the target node based on the check information.
                                                                                                                                                2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                                                                                  Figure 1 Checking whether a shared disk is used
                                                                                                                                                  
+
                                                                                                                                                  1. Log in to the target node based on the check information.
                                                                                                                                                  2. Run the lsblk command to check whether vgpaas-share is mounted to /mnt/paas. If yes, a shared disk is used.
                                                                                                                                                    Figure 1 Checking whether a shared disk is used
                                                                                                                                                    
 
                                                                                                                                                  
 
                                                                                                                                                  What Can I Do If an Error Occurred in a Node Mounting Check?
                                                                                                                                                  
 
                                                                                                                                                  1. Cancel the manually modified mount point.
                                                                                                                                                  2. Cancel the modification on the default soft links.
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0501.html b/docs/cce/umn/cce_10_0501.html
index a946b8f72..c515d4a76 100644
--- a/docs/cce/umn/cce_10_0501.html
+++ b/docs/cce/umn/cce_10_0501.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Historical Upgrade Records
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check the historical upgrade records of the cluster and confirm that the current version of the cluster meets the requirements for upgrading to the target version.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check the historical upgrade records of the cluster and confirm that the current version of the cluster meets the requirements for upgrading to the target version.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  Upgrading your cluster from an earlier version can be risky and may result in this issue. To avoid this, it is recommended that you migrate the cluster beforehand.
                                                                                                                                                  
-
                                                                                                                                                  If you still want to proceed with the cluster upgrade, submit a service ticket to contact technical support for evaluation.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Upgrading your cluster from an earlier version can be risky and may result in this issue. To avoid this, it is recommended that you migrate the cluster beforehand.
                                                                                                                                                  
+
                                                                                                                                                  If you still want to proceed with the cluster upgrade, submit a service ticket to contact technical support for evaluation.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0502.html b/docs/cce/umn/cce_10_0502.html
index 2f20676aa..1830b07da 100644
--- a/docs/cce/umn/cce_10_0502.html
+++ b/docs/cce/umn/cce_10_0502.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  CIDR Block of the Cluster Management Plane
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  The CIDR block of the management plane has been modified in your region. As a result, the CIDR block of the management plane and that of the backbone network are inconsistent.
                                                                                                                                                  
-
                                                                                                                                                  Submit a service ticket to contact technical support to modify the settings, and recheck the configurations.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  The CIDR block of the management plane has been modified in your region. As a result, the CIDR block of the management plane and that of the backbone network are inconsistent.
                                                                                                                                                  
+
                                                                                                                                                  Submit a service ticket to contact technical support to modify the settings, and recheck the configurations.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0503.html b/docs/cce/umn/cce_10_0503.html
index 2681bc9d2..02bb1035a 100644
--- a/docs/cce/umn/cce_10_0503.html
+++ b/docs/cce/umn/cce_10_0503.html
@@ -5,10 +5,7 @@
 
                                                                                                                                                  
 
                                                                                                                                                  Solution
                                                                                                                                                  The GPU add-on driver needs to be configured by yourself. Check the compatibility between the GPU add-on and the GPU driver. It is a good practice to verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                                                                  
 
                                                                                                                                                  Perform the following operations to check the upgrade of the GPU driver to the target version and current driver configuration of GPU add-on:
                                                                                                                                                  
-
                                                                                                                                                  1. Log in to the CCE console and click Add-ons to view the GPU add-on.
                                                                                                                                                     
                                                                                                                                                    gpu-beta is the same as gpu-device-plugin. gpu-beta is renamed gpu-device-plugin in versions later than 2.0.0.
                                                                                                                                                    
-
                                                                                                                                                    
-
                                                                                                                                                  2. Click Upgrade of the add-on to view the target version and driver configuration of the add-on.
                                                                                                                                                    
-
                                                                                                                                                  3. Verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                                                                    If the GPU add-on and the GPU driver are incompatible, install the driver of a later version. If necessary, contact technical support.
                                                                                                                                                    
+
                                                                                                                                                    1. Log in to the CCE console. In the navigation pane, choose Add-ons. Then, check the CCE AI Suite (NVIDIA GPU) add-on.
                                                                                                                                                    2. Click Upgrade of the add-on and check the target version and driver version of the add-on.
                                                                                                                                                    3. Verify the upgrade of the GPU driver to the target version in the test environment, configure the current GPU driver, and check whether the created GPU node can run properly.
                                                                                                                                                      If the GPU add-on and the GPU driver are incompatible, install the driver of a later version. If necessary, contact technical support.
                                                                                                                                                      
 
                                                                                                                                                    
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0504.html b/docs/cce/umn/cce_10_0504.html
index 727c11e6c..6c49978cd 100644
--- a/docs/cce/umn/cce_10_0504.html
+++ b/docs/cce/umn/cce_10_0504.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Nodes' System Parameters
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the default system parameter settings on your nodes are modified.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the default system parameter settings on your nodes are modified.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  If the MTU value of the bond0 network on your BMS node is not the default value 1500, this check item failed.
                                                                                                                                                  
-
                                                                                                                                                  Non-default parameter settings may lead to service packet loss. Change them back to the default values.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  If the MTU value of the bond0 network on your BMS node is not the default value 1500, this check item failed.
                                                                                                                                                  
+
                                                                                                                                                  Non-default parameter settings may lead to service packet loss. Change them back to the default values.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0507.html b/docs/cce/umn/cce_10_0507.html
index d9e15178f..49e1ae3f3 100644
--- a/docs/cce/umn/cce_10_0507.html
+++ b/docs/cce/umn/cce_10_0507.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Node Swap
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether swap has been enabled on CCE nodes.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether swap has been enabled on CCE nodes.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  By default, swap is disabled on CCE nodes. Check the necessity of enabling swap manually and determine the impact of disabling this function.
                                                                                                                                                  
-
                                                                                                                                                  If there is no impact, run the swapoff -a command to disable swap and perform the check again.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  By default, swap is disabled on CCE nodes. Check the necessity of enabling swap manually and determine the impact of disabling this function.
                                                                                                                                                  
+
                                                                                                                                                  If there is no impact, run the swapoff -a command to disable swap and perform the check again.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0508.html b/docs/cce/umn/cce_10_0508.html
index 769e5231b..9b4002691 100644
--- a/docs/cce/umn/cce_10_0508.html
+++ b/docs/cce/umn/cce_10_0508.html
@@ -1,35 +1,35 @@
 
 
 
                                                                                                                                                  nginx-ingress Upgrade
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  • Check item 1: Check whether there is an Nginx Ingress route whose ingress type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) in the cluster.
                                                                                                                                                  • Check item 2: Check whether the DefaultBackend Service specified by the Nginx Ingress Controller backend is available.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  • Check item 1: Check whether there is an Nginx Ingress route whose ingress type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) in the cluster.
                                                                                                                                                  • Check item 2: Check whether the DefaultBackend Service specified by the NGINX Ingress Controller backend is available.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  Fault Locating
                                                                                                                                                  For Check Item 1
                                                                                                                                                  
-
                                                                                                                                                  For Nginx Ingress, check the YAML. If the ingress type is not specified in the YAML file and the ingress is managed by the Nginx Ingress Controller, the ingress is at risk. 
                                                                                                                                                  
-
                                                                                                                                                  1. Check the Ingress type.
                                                                                                                                                    Run the following command:
                                                                                                                                                    kubectl get ingress <ingress-name> -oyaml | grep -E ' kubernetes.io/ingress.class: | ingressClassName:'
                                                                                                                                                    
-
                                                                                                                                                    • Fault scenario: If the command output is empty, the Ingress type is not specified.
                                                                                                                                                    • Normal scenario: The command output is not empty, indicating that the Ingress type has been specified by annotations or ingressClassName.
                                                                                                                                                      
+
                                                                                                                                                      For Nginx Ingress, check the YAML. If the ingress type is not specified in the YAML file and the ingress is managed by the NGINX Ingress Controller, the ingress is at risk. 
                                                                                                                                                      
+
                                                                                                                                                      1. Check the ingress type.
                                                                                                                                                        Run the following command:
                                                                                                                                                        kubectl get ingress <ingress-name> -oyaml | grep -E ' kubernetes.io/ingress.class: | ingressClassName:'
                                                                                                                                                        
+
                                                                                                                                                        • Fault scenario: If the command output is empty, the ingress type is not specified.
                                                                                                                                                        • Normal scenario: The command output is not empty, indicating that the ingress type has been specified by annotations or ingressClassName.
                                                                                                                                                          
 
                                                                                                                                                        
 
                                                                                                                                                        
-
                                                                                                                                                      2. Ensure that the Ingress is managed by the Nginx Ingress Controller. The LoadBalancer Ingresses are not affected by this issue.
                                                                                                                                                        • For clusters of v1.19, confirm this issue using managedFields.
                                                                                                                                                          kubectl get ingress <ingress-name> -oyaml | grep 'manager: nginx-ingress-controller'
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                        • For clusters of other versions, check the logs of the Nginx Ingress Controller pod.
                                                                                                                                                           kubectl logs -nkube-system cceaddon-nginx-ingress-controller-545db6b4f7-bv74t | grep 'updating Ingress status'
                                                                                                                                                          
-
                                                                                                                                                          
+
                                                                                                                                                        • Ensure that the ingress is managed by the Nginx ingress Controller. The LoadBalancer Ingresses are not affected by this issue.
                                                                                                                                                          • For clusters of v1.19, confirm this issue using managedFields.
                                                                                                                                                            kubectl get ingress <ingress-name> -oyaml | grep 'manager: nginx-ingress-controller'
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                          • For clusters of other versions, check the logs of the NGINX Ingress Controller pod.
                                                                                                                                                             kubectl logs -nkube-system cceaddon-nginx-ingress-controller-545db6b4f7-bv74t | grep 'updating Ingress status'
                                                                                                                                                            
+
                                                                                                                                                            
 
                                                                                                                                                          
-
                                                                                                                                                          If the fault persists, contact technical support personnel.
                                                                                                                                                          
+
                                                                                                                                                          If the fault persists, contact technical support.
                                                                                                                                                          
 
                                                                                                                                                      
 
                                                                                                                                                      For Check Item 2
                                                                                                                                                      
-
                                                                                                                                                      1. View the DefaultBackend Service in the namespace where the Nginx Ingress Controller is deployed.
                                                                                                                                                        kubectl get pod cceaddon-nginx-ingress-<controller-name>-controller-*** -n <namespace> -oyaml | grep 'default-backend'
                                                                                                                                                        
+
                                                                                                                                                        1. View the DefaultBackend Service in the namespace where the NGINX Ingress Controller is deployed.
                                                                                                                                                          kubectl get pod cceaddon-nginx-ingress-<controller-name>-controller-*** -n <namespace> -oyaml | grep 'default-backend'
                                                                                                                                                          
 
                                                                                                                                                          In the preceding command, cceaddon-nginx-ingress-<controller-name>-controller-*** is the controller pod name, <controller-name> is the controller name specified during add-on installation, and <namespace> is the namespace where the controller is deployed.
                                                                                                                                                          
 
                                                                                                                                                          Command output:
                                                                                                                                                          
 
                                                                                                                                                          - '--default-backend-service=<namespace>/<backend-svc-name>'
                                                                                                                                                          
-
                                                                                                                                                          In the preceding command, <backend-svc-name> is the name of the DefaultBackend Service for the Nginx Ingress Controller.
                                                                                                                                                          
-
                                                                                                                                                        2. Check whether the DefaultBackend Service of the Nginx Ingress Controller is available.
                                                                                                                                                          kubectl get svc <backend-svc-name> -n <namespace>
                                                                                                                                                          
+
                                                                                                                                                          In the preceding command, <backend-svc-name> is the name of the DefaultBackend Service for the NGINX Ingress Controller.
                                                                                                                                                          
+
                                                                                                                                                        3. Check whether the DefaultBackend Service of the NGINX Ingress Controller is available.
                                                                                                                                                          kubectl get svc <backend-svc-name> -n <namespace>
                                                                                                                                                          
 
                                                                                                                                                          If the Service is unavailable, this check item failed.
                                                                                                                                                          
 
                                                                                                                                                        
 
                                                                                                                                                    
 
                                                                                                                                                    Solution
                                                                                                                                                    For Check Item 1
                                                                                                                                                    
 
                                                                                                                                                    Add an annotation to the Nginx ingresses as follows:
                                                                                                                                                    
 
                                                                                                                                                    kubectl annotate ingress <ingress-name> kubernetes.io/ingress.class=nginx
                                                                                                                                                    
-
                                                                                                                                                     
                                                                                                                                                    There is no need to add this annotation to LoadBalancer ingresses. Verify that these ingresses are managed by Nginx Ingress Controller.
                                                                                                                                                    
+
                                                                                                                                                     
                                                                                                                                                    There is no need to add this annotation to LoadBalancer ingresses. Verify that these ingresses are managed by NGINX Ingress Controller.
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    For Check Item 2
                                                                                                                                                    
 
                                                                                                                                                    Create the DefaultBackend Service again.
                                                                                                                                                    • If a custom DefaultBackend Service has been specified in the default 404 service configuration during add-on installation, create the same Service.
                                                                                                                                                    • If the default DefaultBackend Service is used during add-on installation, the re-created YAML example is as follows:
                                                                                                                                                      apiVersion: v1
diff --git a/docs/cce/umn/cce_10_0510.html b/docs/cce/umn/cce_10_0510.html
index be7e26c9d..e5565f424 100644
--- a/docs/cce/umn/cce_10_0510.html
+++ b/docs/cce/umn/cce_10_0510.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                      containerd Pod Restart Risks
                                                                                                                                                      
-
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                                                                      
+
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Solution
                                                                                                                                                      containerd on your node may need to be restarted. To minimize the impact on service containers, upgrade the cluster during controllable times, such as off-peak hours.
                                                                                                                                                      
-
                                                                                                                                                      If you need help, submit a service ticket to contact O&M personnel.
                                                                                                                                                      
+
                                                                                                                                                      Solution
                                                                                                                                                      containerd on your node may need to be restarted. To minimize the impact on service containers, upgrade the cluster during controllable times, such as off-peak hours.
                                                                                                                                                      
+
                                                                                                                                                      If you need help, submit a service ticket to contact O&M personnel.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0511.html b/docs/cce/umn/cce_10_0511.html
index e1cc28f87..0278b9bb3 100644
--- a/docs/cce/umn/cce_10_0511.html
+++ b/docs/cce/umn/cce_10_0511.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                      Check Items
                                                                                                                                                      Check whether the configuration of the CCE AI Suite add-on in a cluster has been intrusively modified. If so, upgrading the cluster may fail.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      Solution
                                                                                                                                                      1. Use kubectl to access the cluster.
                                                                                                                                                      2. Run the following command to obtain the add-on instance details:
                                                                                                                                                        kubectl get ds nvidia-driver-installer -nkube-system -oyaml
                                                                                                                                                        
-
                                                                                                                                                      3. Check whether the UpdateStrategy value is changed to OnDelete. If so, change it back to RollingUpdate.
                                                                                                                                                      4. Check whether the NVIDIA_DRIVER_DOWNLOAD_URL value is the same as the add-on IP address on the add-on details page. If no, change the value on the web page.
                                                                                                                                                      
+
                                                                                                                                                    • Check whether the UpdateStrategy value is changed to OnDelete. If so, change it back to RollingUpdate.
                                                                                                                                                    • Check whether the NVIDIA_DRIVER_DOWNLOAD_URL value is the same as the GPU driver version on the add-on page. If not, correct the version on the add-on page.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0512.html b/docs/cce/umn/cce_10_0512.html
index 8a1584184..dcb1b7fa6 100644
--- a/docs/cce/umn/cce_10_0512.html
+++ b/docs/cce/umn/cce_10_0512.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  GPU Pod Rebuild Risks
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  Upgrade the cluster when the impact on services is controllable (for example, during off-peak hours) to minimize the impact.
                                                                                                                                                  
-
                                                                                                                                                  If you need help, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Upgrade the cluster when the impact on services is controllable (for example, during off-peak hours) to minimize the impact.
                                                                                                                                                  
+
                                                                                                                                                  If you need help, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0513.html b/docs/cce/umn/cce_10_0513.html
index f8716daad..6f32f53e1 100644
--- a/docs/cce/umn/cce_10_0513.html
+++ b/docs/cce/umn/cce_10_0513.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  ELB Listener Access Control
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether ELB listener access control has been configured for the Services in the current cluster using annotations.
                                                                                                                                                  
-
                                                                                                                                                  If so, check whether their configurations are correct.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether ELB listener access control has been configured for the Services in the current cluster using annotations.
                                                                                                                                                  
+
                                                                                                                                                  If so, check whether their configurations are correct.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  In case of an incorrect configuration, contact O&M personnel.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  In case of an incorrect configuration, correct it by following the instructions provided in Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0514.html b/docs/cce/umn/cce_10_0514.html
index 4d986057c..ad71c1c4f 100644
--- a/docs/cce/umn/cce_10_0514.html
+++ b/docs/cce/umn/cce_10_0514.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Master Node Flavor
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  This issue is typically caused by modifications made to the master node. This upgrade may reset the node.
                                                                                                                                                  
-
                                                                                                                                                  If you are unsure about the impact, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  This issue is typically caused by modifications made to the master node. This upgrade may reset the node.
                                                                                                                                                  
+
                                                                                                                                                  If you are unsure about the impact, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0515.html b/docs/cce/umn/cce_10_0515.html
index ee09f815e..cb3ae9dfa 100644
--- a/docs/cce/umn/cce_10_0515.html
+++ b/docs/cce/umn/cce_10_0515.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Subnet Quota of Master Nodes
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  Rolling upgrade is not supported if there are not enough IP addresses in the selected cluster subnet.
                                                                                                                                                  
-
                                                                                                                                                  Move nodes out of the target subnet and check again. If you are unsure about the impact of migration, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Rolling upgrade is not supported if there are not enough IP addresses in the selected cluster subnet.
                                                                                                                                                  
+
                                                                                                                                                  Move nodes out of the target subnet and check again. If you are unsure about the impact of migration, submit a service ticket to contact O&M personnel.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0516.html b/docs/cce/umn/cce_10_0516.html
index 1ad89ffae..2a84822ee 100644
--- a/docs/cce/umn/cce_10_0516.html
+++ b/docs/cce/umn/cce_10_0516.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Node Runtime
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  If your node's runtime is not containerd, change it to containerd by resetting the node.
                                                                                                                                                  
-
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  If your node's runtime is not containerd, change it to containerd by resetting the node.
                                                                                                                                                  
+
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0517.html b/docs/cce/umn/cce_10_0517.html
index 1413271ce..558416ec9 100644
--- a/docs/cce/umn/cce_10_0517.html
+++ b/docs/cce/umn/cce_10_0517.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Node Pool Runtime
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  If your node pool's runtime is not containerd, change it to containerd by updating the node pool.
                                                                                                                                                  
-
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  If your node pool's runtime is not containerd, change it to containerd by updating the node pool.
                                                                                                                                                  
+
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0518.html b/docs/cce/umn/cce_10_0518.html
index 8421e84ee..fa1e3de14 100644
--- a/docs/cce/umn/cce_10_0518.html
+++ b/docs/cce/umn/cce_10_0518.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                  Number of Node Images
                                                                                                                                                  
-
                                                                                                                                                  Check Items
                                                                                                                                                  Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Solution
                                                                                                                                                  Manually delete residual images.
                                                                                                                                                  
-
                                                                                                                                                  Perform the pre-upgrade check again.
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Manually delete residual images.
                                                                                                                                                  
+
                                                                                                                                                  Perform the pre-upgrade check again.
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0520.html b/docs/cce/umn/cce_10_0520.html
new file mode 100644
index 000000000..9e56a1305
--- /dev/null
+++ b/docs/cce/umn/cce_10_0520.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                  Compatibility Check of Secret Encryption
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the target version supports secret encryption. If it does not, clusters that have this feature enabled cannot be upgraded to the target version.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Secret encryption is supported in CCE clusters of v1.27 or later versions. The feature is available in the following versions:
                                                                                                                                                  • v1.27: v1.27.10-r0 or later
                                                                                                                                                  • v1.28: v1.28.8-r0 or later
                                                                                                                                                  • v1.29: v1.29.4-r0 or later
                                                                                                                                                  • Other clusters of later versions
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  If secret encryption has been enabled in the cluster before the upgrade, the target cluster version must also support this feature. Select a target version that supports secret encryption for the upgrade.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0521.html b/docs/cce/umn/cce_10_0521.html
new file mode 100644
index 000000000..bde60f755
--- /dev/null
+++ b/docs/cce/umn/cce_10_0521.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                  Compatibility Between the Ubuntu Kernel and GPU Driver
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  This issue may occur when you create or reset an Ubuntu node after an upgrade. In this case, upgrade the GPU add-on driver to version 535.161.08 or later, and restart the node.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0522.html b/docs/cce/umn/cce_10_0522.html
new file mode 100644
index 000000000..f973ac200
--- /dev/null
+++ b/docs/cce/umn/cce_10_0522.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                  Drainage Tasks
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  An unfinished drainage task is detected in the cluster, which may resume after the upgrade. If this happens, running pods will be evicted, which could impact your services.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  1. Configure the kubectl command. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                  2. Check if there are any drainage tasks in progress.
                                                                                                                                                    kubectl get drainage
                                                                                                                                                    
+
                                                                                                                                                    Figure 1 An in-progress drainage task
                                                                                                                                                    
+
                                                                                                                                                    Delete the drainage resources and perform the pre-upgrade check again.
                                                                                                                                                    
+
                                                                                                                                                  3. Run the following command to delete a drainage task:
                                                                                                                                                    kubectl delete drainage {Name of the drainage task}
                                                                                                                                                    
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0523.html b/docs/cce/umn/cce_10_0523.html
new file mode 100644
index 000000000..731f27238
--- /dev/null
+++ b/docs/cce/umn/cce_10_0523.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                  Image Layers on a Node
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check the number of image layers on your node. If there are more than 5000 layers, it will take a long time for Docker or containerd to start, affecting the stdout of Docker or containerd.
                                                                                                                                                  
+
                                                                                                                                                  If Nginx is used in your cluster, data forwarding may be slow.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Log in to the node and manually delete unnecessary images.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0524.html b/docs/cce/umn/cce_10_0524.html
new file mode 100644
index 000000000..d0bf51e22
--- /dev/null
+++ b/docs/cce/umn/cce_10_0524.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                  Cluster Rolling Upgrade
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether your cluster is eligible for a rolling upgrade. The result shows that the rolling upgrade is not supported.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Rolling upgrades cannot be performed if the tenant's resource quotas are insufficient.
                                                                                                                                                  
+
                                                                                                                                                  Contact O&M personnel to expand resources and perform the check again.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0525.html b/docs/cce/umn/cce_10_0525.html
new file mode 100644
index 000000000..23b33db72
--- /dev/null
+++ b/docs/cce/umn/cce_10_0525.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                  Rotation Certificates
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether the number of certificates on your node is greater than 1000. During an upgrade, certificate files will be processed in batches. An excessive number of certificate files will lead to a slow node upgrade and result in pod eviction from the node.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Solution 1 (preferred): Reset the node. For details, see Resetting a Node.
                                                                                                                                                  
+
                                                                                                                                                  Solution 2: Fix the certificate rotation issue on the node.
                                                                                                                                                  
+
                                                                                                                                                  1. Go to the /opt/cloud/cce/kubernetes/kubelet/pki/ directory on the node.
                                                                                                                                                  2. Back up certificate files kubelet-server-current.pem and kubelet-client-current.pem on the node.
                                                                                                                                                  3. Delete the residual kubelet-server-* certificate files from the node.
                                                                                                                                                    link_target="$(basename $(readlink kubelet-server-current.pem))" && find -maxdepth 1 -type f -name 'kubelet-server-*.pem' ! -name "$link_target" -delete
                                                                                                                                                    
+
                                                                                                                                                  4. Delete soft links for the certificates.
                                                                                                                                                    find -maxdepth 1 -type f -name 'kubelet-server-current.pem'  -delete
                                                                                                                                                    
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0526.html b/docs/cce/umn/cce_10_0526.html
new file mode 100644
index 000000000..2323482d8
--- /dev/null
+++ b/docs/cce/umn/cce_10_0526.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                  Ingress and ELB Configuration Consistency
                                                                                                                                                  
+
                                                                                                                                                  Check Items
                                                                                                                                                  Check whether any modifications have been made to the listener, forwarding policy, forwarding rule, backend cloud server group, backend cloud server, or certificate configurations that were automatically generated by the ingress on the ELB console.
                                                                                                                                                  
+
                                                                                                                                                  Any modifications made to the ELB will be overwritten during the upgrade process. Verify the configuration consistency before upgrading the cluster.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Solution
                                                                                                                                                  Based on the diagnostic analysis logs, determine which configurations require correction. Typically, this issue occurs when different forwarding policies are configured for the listener associated with the target ingress. This causes a mismatch with the forwarding policies configured for the cluster ingress. To resolve this, either transfer the additional forwarding policies to a different listener or add them to the ingress.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_10_0549.html b/docs/cce/umn/cce_10_0549.html
index 6e1f13ad3..1b29ea8a1 100644
--- a/docs/cce/umn/cce_10_0549.html
+++ b/docs/cce/umn/cce_10_0549.html
@@ -29,7 +29,7 @@
 
 
                                                                                                                                              Add-ons
                                                                                                                                              
 
                                                                                                                                              • Check whether the add-on status is normal.
                                                                                                                                              • Check whether the add-on support the target version.
                                                                                                                                              
+
                                                                                                                                              • Check whether the add-on status is normal.
                                                                                                                                              • Check whether the add-on supports the target version.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              4
                                                                                                                                              
@@ -43,7 +43,7 @@
                                                                                                                                               		
 
                                                                                                                                              SSH Connectivity of Master Nodes
                                                                                                                                              
 
                                                                                                                                              Check whether your master nodes can be accessed using SSH.
                                                                                                                                              
+
                                                                                                                                              Check whether your master nodes can be accessed using SSH.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              6
                                                                                                                                              
@@ -92,7 +92,7 @@
                                                                                                                                               		
 
                                                                                                                                              Node CPU Usage
                                                                                                                                              
 
                                                                                                                                              Check whether the CPU usage of the node exceeds 90%.
                                                                                                                                              
+
                                                                                                                                              Check whether the node's CPU usage is above 90%.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              13
                                                                                                                                              
@@ -134,7 +134,7 @@
                                                                                                                                               		
 
                                                                                                                                              Node Memory
                                                                                                                                              
 
                                                                                                                                              Check whether the memory usage of the node exceeds 90%.
                                                                                                                                              
+
                                                                                                                                              Check whether the node's memory usage is above 90%.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              19
                                                                                                                                              
@@ -155,7 +155,7 @@
                                                                                                                                               		
 
                                                                                                                                              Node CPU Cores
                                                                                                                                              
 
                                                                                                                                              Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                                                              
+
                                                                                                                                              Check and make sure that the master nodes in your cluster have more than 2 CPU cores.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              22
                                                                                                                                              
@@ -183,21 +183,21 @@
                                                                                                                                               		
 
                                                                                                                                              containerd.sock
                                                                                                                                              
 
                                                                                                                                              Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                              
+
                                                                                                                                              Check whether the containerd.sock file is on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              26
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Internal Error
                                                                                                                                              
 
                                                                                                                                              This check item is not typical and implies that an internal error was found during the pre-upgrade check.
                                                                                                                                              
+
                                                                                                                                              This check item is not typical and implies that an internal error was found during the pre-upgrade check.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              27
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Node Mount Points
                                                                                                                                              
 
                                                                                                                                              Check whether inaccessible mount points exist on the node.
                                                                                                                                              
+
                                                                                                                                              Check whether there are inaccessible mount points on the node.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              28
                                                                                                                                              
@@ -218,7 +218,7 @@
                                                                                                                                               		
 
                                                                                                                                              cce-hpa-controller Limitations
                                                                                                                                              
 
                                                                                                                                              Check whether there are compatibility limitations between the current and target cce-controller-hpa add-on versions.
                                                                                                                                              
+
                                                                                                                                              Check whether there are compatibility limitations between the current and target cce-controller-hpa add-on versions.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              31
                                                                                                                                              
@@ -232,14 +232,14 @@
                                                                                                                                               		
 
                                                                                                                                              Health of Worker Node Components
                                                                                                                                              
 
                                                                                                                                              Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                              
+
                                                                                                                                              Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              33
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Health of Master Node Components
                                                                                                                                              
 
                                                                                                                                              Check whether cluster components such as the Kubernetes component, container runtime component, and network component are running properly before the upgrade.
                                                                                                                                              
+
                                                                                                                                              Check whether cluster components such as the Kubernetes component, container runtime component, and network component are running properly before the upgrade.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              34
                                                                                                                                              
@@ -353,14 +353,14 @@
                                                                                                                                               		
 
                                                                                                                                              Historical Upgrade Records
                                                                                                                                              
 
                                                                                                                                              Check the historical upgrade records of the cluster and confirm that the current version of the cluster meets the requirements for upgrading to the target version.
                                                                                                                                              
+
                                                                                                                                              Check the historical upgrade records of the cluster and confirm that the current version of the cluster meets the requirements for upgrading to the target version.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              50
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              CIDR Block of the Cluster Management Plane
                                                                                                                                              
 
                                                                                                                                              Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.
                                                                                                                                              
+
                                                                                                                                              Check whether the CIDR block of the cluster management plane is the same as that configured on the backbone network.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              51
                                                                                                                                              
@@ -374,7 +374,7 @@
                                                                                                                                               		
 
                                                                                                                                              Nodes' System Parameters
                                                                                                                                              
 
                                                                                                                                              Check whether the default system parameter settings on your nodes are modified.
                                                                                                                                              
+
                                                                                                                                              Check whether the default system parameter settings on your nodes are modified.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              53
                                                                                                                                              
@@ -409,7 +409,7 @@
                                                                                                                                               		
 
                                                                                                                                              containerd Pod Restart Risks
                                                                                                                                              
 
                                                                                                                                              Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                                                              
+
                                                                                                                                              Check whether the service pods running on a containerd node are restarted when containerd is upgraded.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              58
                                                                                                                                              
@@ -423,49 +423,98 @@
                                                                                                                                               		
 
                                                                                                                                              GPU Pod Rebuild Risks
                                                                                                                                              
 
                                                                                                                                              Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                                              
+
                                                                                                                                              Check whether GPU service pods are rebuilt in a cluster when kubelet is restarted during the upgrade of the cluster.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              60
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              ELB Listener Access Control
                                                                                                                                              
 
                                                                                                                                              If access control is configured, check whether the configurations are correct.
                                                                                                                                              
+
                                                                                                                                              If so, check whether their configurations are correct.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              61
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Master Node Flavor
                                                                                                                                              
 
                                                                                                                                              Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                                              
+
                                                                                                                                              Check whether the flavor of the master nodes in the cluster is the same as the actual flavor of these nodes.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              62
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Subnet Quota of Master Nodes
                                                                                                                                              
 
                                                                                                                                              Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                                              
+
                                                                                                                                              Check whether the number of available IP addresses in the cluster subnet supports rolling upgrade.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              63
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Node Runtime
                                                                                                                                              
 
                                                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                              
+
                                                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              64
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Node Pool Runtime
                                                                                                                                              
 
                                                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                              
+
                                                                                                                                              Check whether an alarm is generated when a cluster is upgraded to v1.27 or later. Do not use Docker in clusters of versions later than 1.27.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              65
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Number of Node Images
                                                                                                                                              
 
                                                                                                                                              Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                                                              
+
                                                                                                                                              Check the number of images on your node. If there are more than 1000 images, it takes a long time for Docker to start, affecting the standard Docker output and functions such as Nginx.
                                                                                                                                              
+
                                                                                                                                              66
                                                                                                                                              
+
                                                                                                                                              Compatibility Check of Secret Encryption
                                                                                                                                              
+
                                                                                                                                              Check whether the target version supports secret encryption. If it does not, clusters that have this feature enabled cannot be upgraded to the target version.
                                                                                                                                              
+
                                                                                                                                              67
                                                                                                                                              
+
                                                                                                                                              Compatibility Between the Ubuntu Kernel and GPU Driver
                                                                                                                                              
+
                                                                                                                                              Make sure that the GPU add-on and Ubuntu nodes are compatible before using them in a cluster. If the Ubuntu kernel is 5.15.0-113-generic, the driver of the GPU add-on must be 535.161.08 or later.
                                                                                                                                              
+
                                                                                                                                              68
                                                                                                                                              
+
                                                                                                                                              Drainage Tasks
                                                                                                                                              
+
                                                                                                                                              An unfinished drainage task is detected in the cluster, which may resume after the upgrade. If this happens, running pods will be evicted, which could impact your services.
                                                                                                                                              
+
                                                                                                                                              69
                                                                                                                                              
+
                                                                                                                                              Image Layers on a Node
                                                                                                                                              
+
                                                                                                                                              Check the number of image layers on your node. If there are more than 5000 layers, it will take a long time for Docker or containerd to start, affecting the stdout of Docker or containerd.
                                                                                                                                              
+
                                                                                                                                              70
                                                                                                                                              
+
                                                                                                                                              Cluster Rolling Upgrade
                                                                                                                                              
+
                                                                                                                                              Check whether your cluster is eligible for a rolling upgrade. The result shows that the rolling upgrade is not supported.
                                                                                                                                              
+
                                                                                                                                              71
                                                                                                                                              
+
                                                                                                                                              Rotation Certificates
                                                                                                                                              
+
                                                                                                                                              Check whether the number of certificates on your node is greater than 1000. During an upgrade, certificate files will be processed in batches. An excessive number of certificate files will lead to a slow node upgrade and result in pod eviction from the node.
                                                                                                                                              
+
                                                                                                                                              72
                                                                                                                                              
+
                                                                                                                                              Ingress and ELB Configuration Consistency
                                                                                                                                              
+
                                                                                                                                              Check whether any modifications have been made to the listener, forwarding policy, forwarding rule, backend cloud server group, backend cloud server, or certificate configurations that were automatically generated by the ingress on the ELB console.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
 
 
 
 
                                                                                                                                              None
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Drainage cancellation
                                                                                                                                              
+
                                                                                                                                               NOTE: 
                                                                                                                                              For clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, if forcible drainage is not used for DaemonSet pods, the default operation is None.
                                                                                                                                              
+
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              A volume of the emptyDir type is mounted to the pod.
                                                                                                                                              
@@ -62,14 +64,210 @@
 
                                                                                                                                              • Deletion: The pod is deleted from the current node and will not be scheduled to other nodes.
                                                                                                                                              • Eviction: The pod is deleted from the current node and rescheduled to another node.
                                                                                                                                              • None: The pod will not be evicted or deleted.
                                                                                                                                              • Drainage cancellation: If a pod on a node cancels drainage, the drainage process of the node is terminated and no pod is evicted or deleted.
                                                                                                                                              
 
 
-
                                                                                                                                              Procedure
                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                              2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                              3. Locate the target node and choose More > Nodal Drainage in the Operation column.
                                                                                                                                              4. In the Nodal Drainage window displayed, set parameters.
                                                                                                                                                • Timeout (s): The drainage task automatically fails after the preset timeout period. The value 0 indicates that the timeout period is not set.
                                                                                                                                                • Forced Drainage: If this function is enabled, pods managed by DaemonSet will be ignored, and pods with emptyDir volumes and pods not managed by controllers will be deleted. For details, see Rules for Draining Nodes.
                                                                                                                                                
+
                                                                                                                                                Drainage Through the Console
                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                                3. Locate the target node and choose More > Nodal Drainage in the Operation column.
                                                                                                                                                4. In the Nodal Drainage window displayed, set parameters.
                                                                                                                                                  • Timeout (s): Node drain tasks automatically fail after the specified timeout expires. A value of 0 indicates that task will not time out.
                                                                                                                                                  • Forced Drainage: If this function is enabled, pods managed by DaemonSet will be ignored, and pods with emptyDir volumes and pods not managed by controllers will be deleted. For details, see Rules for Draining Nodes.
                                                                                                                                                  
 
                                                                                                                                                5. Click OK and wait until the node drainage is complete.
                                                                                                                                                
 
                                                                                                                                                
-
                                                                                                                                                Cancelling Node Drainage
                                                                                                                                                 
                                                                                                                                                In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, node drainage can be canceled.
                                                                                                                                                
-
                                                                                                                                                This operation will abort drainage on nodes, but workloads that have been evicted from these nodes will not be automatically migrated back.
                                                                                                                                                
+
                                                                                                                                                Drainage Using kubectl
                                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                2. Edit the YAML file for drainage.
                                                                                                                                                  The following is an example of Drainage-test.yaml:
                                                                                                                                                  
+
                                                                                                                                                  apiVersion: node.cce.io/v1
+kind: Drainage
+metadata:
+  name: 192.168.1.67-1721616409999   # Drainage resource name
+spec:
+  nodeName: 192.168.1.67     # Kubernetes name of the node to be drained, which can be obtained by running the kubectl get node command
+  force: true
+  timeout: 0
                                                                                                                                                  
+
                                                                                                                                                  • nodeName: node to be drained. The parameter value is the node name in Kubernetes, not the name displayed on the console.
                                                                                                                                                    You can run the kubectl get node command to obtain a node name in Kubernetes.
                                                                                                                                                    
+
                                                                                                                                                  • force: whether to forcibly drain a node. Value true means that the drainage is forced, while false means it is not.
                                                                                                                                                  • timeout: timeout measured in seconds. Node drain tasks automatically fail after the specified timeout expires. A value of 0 indicates that task will not time out.
                                                                                                                                                  
+
                                                                                                                                                3. Create drainage resources.
                                                                                                                                                  kubectl create -f Drainage-test.yaml
                                                                                                                                                  
+
                                                                                                                                                  If information similar to the following is displayed, the drainage resources have been created:
                                                                                                                                                  
+
                                                                                                                                                  drainage.node.cce.io/192.168.1.67-1721616409999 created
                                                                                                                                                  
+
                                                                                                                                                4. Check the result.
                                                                                                                                                  kubectl get drainages 192.168.1.67-1721616409999 -o yaml
                                                                                                                                                  
+
                                                                                                                                                  If phase is Succeeded, the operation is successful.
                                                                                                                                                  
+
                                                                                                                                                  apiVersion: node.cce.io/v1
+kind: Drainage
+metadata:
+  creationTimestamp: "2024-07-22T03:12:56Z"
+  generation: 1
+  name: 192.168.1.67-1721616409999
+  resourceVersion: "2683143"
+  uid: 3ec131e4-0505-4c88-8255-ef9d0eb02712
+spec:
+  force: true
+  nodeName: 192.168.1.67
+  timeout: 0
+status:
+  conditions:
+  - lastTransitionTime: "2024-07-22T03:12:56Z"
+    message: start to drain node
+    reason: Started
+    status: "True"
+    type: Started
+  - lastTransitionTime: "2024-07-22T03:13:26Z"
+    message: node has been drained
+    reason: Succeeded
+    status: "True"
+    type: Finished
+  phase: Succeeded
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                Drainage Through APIs
                                                                                                                                                1. Obtain the token in the region where the cluster is located. 
                                                                                                                                                2. Based on the API format, find the URL for the node drainage API.
                                                                                                                                                  URL of the API for draining a node:
                                                                                                                                                  https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages
                                                                                                                                                  
+
                                                                                                                                                  • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                                                                  • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                                                                    For details about the value, see Regions and Endpoints.
                                                                                                                                                    
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                3. Use the POST request method and configure request header parameters.
                                                                                                                                                  curl --location --request POST 'https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages' \
+--header 'Content-Type: application/json' \
+--header 'X-Auth-Token: MIIWvw******' \
+--data @Drainage.json
                                                                                                                                                  
+
                                                                                                                                                  The following table lists the header parameters contained in the request.
+
                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                  Table 1 Request header parameters
                                                                                                                                                  Parameter
                                                                                                                                                  
+
                                                                                                                                                  Mandatory
                                                                                                                                                  
+
                                                                                                                                                  Type
                                                                                                                                                  
+
                                                                                                                                                  Description
                                                                                                                                                  
+
                                                                                                                                                  Content-Type
                                                                                                                                                  
+
                                                                                                                                                  Yes
                                                                                                                                                  
+
                                                                                                                                                  String
                                                                                                                                                  
+
                                                                                                                                                  Message body type (format), for example, application/json.
                                                                                                                                                  
+
                                                                                                                                                  X-Auth-Token
                                                                                                                                                  
+
                                                                                                                                                  Yes
                                                                                                                                                  
+
                                                                                                                                                  String
                                                                                                                                                  
+
                                                                                                                                                  Use a token to call the API. 
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Drainage.json is located in the current directory and contains the following content:
                                                                                                                                                  
+
                                                                                                                                                  {
+    "apiVersion": "node.cce.io/v1",
+    "kind": "Drainage",
+    "metadata": {
+        "name": "192.168.1.67-1721616404940"
+    },
+    "spec": {
+        "nodeName": "192.168.1.67",
+        "force": true,
+        "timeout": 0
+    }
+}
                                                                                                                                                  
+
                                                                                                                                                  • nodeName: node to be drained. The parameter value is the node name in Kubernetes, not the name displayed on the console.
                                                                                                                                                    You can run the kubectl get node command to obtain a node name in Kubernetes.
                                                                                                                                                    
+
                                                                                                                                                  • force: whether to forcibly drain a node. Value true means that the drainage is forced, while false means it is not.
                                                                                                                                                  • timeout: timeout measured in seconds. Node drain tasks automatically fail after the specified timeout expires. A value of 0 indicates that task will not time out.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                Cancellation Through the Console
                                                                                                                                                 
                                                                                                                                                In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, node drainage can be canceled.
                                                                                                                                                
+
                                                                                                                                                This operation will abort drainage on nodes, but workloads that have been evicted from these nodes will not be automatically migrated back.
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                2. In the navigation pane, choose Nodes. On the displayed page, click the Nodes tab.
                                                                                                                                                3. Locate the node that is being drained and click Cancel Drainage.
                                                                                                                                                4. In the displayed dialog box, click OK. The node status changes to Drainage cancelled. You can click Enable Scheduling to restore the node to the schedulable state.
                                                                                                                                                
 
                                                                                                                                                
+
                                                                                                                                                Cancellation Using kubectl
                                                                                                                                                 
                                                                                                                                                In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, node drainage can be canceled.
                                                                                                                                                
+
                                                                                                                                                This operation will abort drainage on nodes, but workloads that have been evicted from these nodes will not be automatically migrated back.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                2. Check drainage resources.
                                                                                                                                                  kubectl get drainages
                                                                                                                                                  
+
                                                                                                                                                  Command output:
                                                                                                                                                  NAME                         AGE
+192.168.1.67-1721616409999   13s
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                3. Cancel drainage.
                                                                                                                                                  kubectl annotate drainages 192.168.1.67-1721616409999 node.cce.io/drainage-disable=true
                                                                                                                                                  
+
                                                                                                                                                4. Check the result.
                                                                                                                                                  kubectl get drainages 192.168.1.67-1721616409999 -o yaml
                                                                                                                                                  
+
                                                                                                                                                  If the command output, phase is changed to Cancelled.
                                                                                                                                                  
+
                                                                                                                                                  apiVersion: node.cce.io/v1
+kind: Drainage
+metadata:
+  annotations:
+    node.cce.io/drainage-disable: "true"
+  creationTimestamp: "2024-07-22T03:12:56Z"
+  generation: 1
+  name: 192.168.1.67-1721616409999
+  resourceVersion: "2689858"
+  uid: 3ec131e4-0505-4c88-8255-ef9d0eb02712
+spec:
+  force: true
+  nodeName: 192.168.1.67
+  timeout: 0
+status:
+  conditions:
+  - lastTransitionTime: "2024-07-22T03:12:56Z"
+    message: start to drain node
+    reason: Started
+    status: "True"
+    type: Started
+  - lastTransitionTime: "2024-07-22T03:13:26Z"
+    message: node has been drained
+    reason: Succeeded
+    status: "True"
+    type: Finished
+  - lastTransitionTime: "2024-07-22T03:37:48Z"
+    message: node drainage has been cancelled
+    reason: Cancelled
+    status: "True"
+    type: Cancelled
+  phase: Cancelled
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                                Cancellation Through APIs
                                                                                                                                                1. Obtain the token in the region where the cluster is located. 
                                                                                                                                                2. Based on the API format, find the URL for the node drainage API.
                                                                                                                                                  URL of the API for canceling node drainage:
                                                                                                                                                  https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages/{drainageName}
                                                                                                                                                  
+
                                                                                                                                                  • {clusterid}: cluster ID, which can be obtained on the Overview page of the CCE console.
                                                                                                                                                  • Endpoint: endpoint of CCE in the region where the cluster is located.
                                                                                                                                                    For details about the value, see Regions and Endpoints.
                                                                                                                                                    
+
                                                                                                                                                  • {drainageName}: name of the drainage resource, which can be obtained by running the kubectl get drainages command.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                3. Use the PATCH request method and configure request header parameters.
                                                                                                                                                  curl --location --request PATCH 'https://{clusterid}.Endpoint/apis/node.cce.io/v1/drainages/{drainageName}' \
+--header 'Content-Type: application/merge-patch+json' \
+--header 'X-Auth-Token: MIIWvw******' \
+--data @Drainage-cancel.json
                                                                                                                                                  
+
                                                                                                                                                  The following table lists the header parameters contained in the request.
+
                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                  Table 2 Request header parameters
                                                                                                                                                  Parameter
                                                                                                                                                  
+
                                                                                                                                                  Mandatory
                                                                                                                                                  
+
                                                                                                                                                  Type
                                                                                                                                                  
+
                                                                                                                                                  Description
                                                                                                                                                  
+
                                                                                                                                                  Content-Type
                                                                                                                                                  
+
                                                                                                                                                  Yes
                                                                                                                                                  
+
                                                                                                                                                  String
                                                                                                                                                  
+
                                                                                                                                                  Message body type. The value is application/merge-patch+json in PATCH format.
                                                                                                                                                  
+
                                                                                                                                                  X-Auth-Token
                                                                                                                                                  
+
                                                                                                                                                  Yes
                                                                                                                                                  
+
                                                                                                                                                  String
                                                                                                                                                  
+
                                                                                                                                                  Use a token to call the API. 
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Drainage-cancel.json is located in the current directory and contains the following content:
                                                                                                                                                  
+
                                                                                                                                                  {
+    "metadata": {
+        "annotations": {
+            "node.cce.io/drainage-disable": "true"
+        }
+    }
+}
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                
 
                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0614.html b/docs/cce/umn/cce_10_0614.html
index bde204719..6bfeb1cb7 100644
--- a/docs/cce/umn/cce_10_0614.html
+++ b/docs/cce/umn/cce_10_0614.html
@@ -81,14 +81,14 @@
 
                                                                                                                                              Mount Path
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              Subpath
                                                                                                                                              
 
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                              
+
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Permission
                                                                                                                                              
@@ -104,6 +104,7 @@
 
                                                                                                                                               
                                                                                                                                              A non-shared EVS disk can be attached to only one workload pod. If there are multiple pods, extra pods cannot start properly. Ensure that the number of workload pods is 1 if an EVS disk is attached.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                            19. After the configuration, click Create Workload.
                                                                                                                                              After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                              
 
                                                                                                                                              20. 
 
                                                                                                                                              
@@ -131,7 +132,7 @@ spec:
       everest.io/disk-mode: SCSI           # Device type of the EVS disk. Only SCSI is supported.
       everest.io/disk-volume-type: SAS     # EVS disk type
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
   persistentVolumeReclaimPolicy: Delete    # Reclaim policy
   storageClassName: csi-disk              # StorageClass name. The value must be csi-disk for EVS disks.
@@ -158,7 +159,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
@@ -166,7 +167,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              fsType
                                                                                                                                              
@@ -174,7 +175,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              File system type, which defaults to ext4.
                                                                                                                                              
-
                                                                                                                                              The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                                              • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                              • Only common containers are supported.
                                                                                                                                              
+
                                                                                                                                              The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                                              • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                              • Only common containers are supported.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              Yes
                                                                                                                                              
 
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              The StorageClass for EVS disks is csi-disk.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
@@ -267,7 +268,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              storage
                                                                                                                                              
@@ -289,8 +290,8 @@ spec:
                                                                                                                                               		
 
                                                                                                                                              Yes
                                                                                                                                              
 
                                                                                                                                              Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                              
-
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                                                              
+
                                                                                                                                              The StorageClass for EVS disks is csi-disk.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
 
                                                                                                                                              Storage Classes
                                                                                                                                              
 
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              The default StorageClasses for EVS disks are csi-disk and csi-disk-topology.
                                                                                                                                              
+
                                                                                                                                               NOTE: 
                                                                                                                                              If you use the csi-disk (EVS) StorageClass, a PVC and PV will be created immediately. The EVS disk is created with the PV, and then the PVC is bound to the PV.
                                                                                                                                              
+
                                                                                                                                              If you use the csi-disk-topology (EVS created with a delay) StorageClass, a PV will not be immediately created when a PVC is created. Instead, the pods that will be associated with the PVC are scheduled first, and then the EVS disk and PV are created, and finally the PV is bound to the PVC.
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              (Optional) Storage Volume Name Prefix
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
-
                                                                                                                                              For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
+
                                                                                                                                              For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              AZ
                                                                                                                                              
@@ -73,7 +77,7 @@
 
                                                                                                                                              Resource Tag
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              You can add resource tags to classify resources, which is supported only when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                                              
-
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
+
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
 
                                                                                                                                              CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                                                              
 
                                                                                                                                               NOTE: 
                                                                                                                                              After a dynamic PV of the EVS type is created, the resource tags cannot be updated on the CCE console. To update these resource tags, go to the EVS console.
                                                                                                                                              
 
                                                                                                                                              
@@ -100,14 +104,14 @@
 
                                                                                                                                              Mount Path
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              Subpath
                                                                                                                                              
 
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                              
+
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Permission
                                                                                                                                              
@@ -123,6 +127,7 @@
 
                                                                                                                                               
                                                                                                                                              A non-shared EVS disk can be attached to only one workload pod. If there are multiple pods, extra pods cannot start properly. Ensure that the number of workload pods is 1 if an EVS disk is attached.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                            20. After the configuration, click Create Workload.
                                                                                                                                              After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                              
 
                                                                                                                                              21. 
 
                                                                                                                                              
@@ -134,11 +139,11 @@ metadata:
   namespace: default
   annotations:
       everest.io/disk-volume-type: SAS    # EVS disk type
-    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
-    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
-    csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
-    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+    everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+    csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
+    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
   labels:
     failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
     failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
@@ -163,7 +168,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
@@ -171,7 +176,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              everest.io/disk-volume-type
                                                                                                                                              
@@ -196,7 +201,7 @@ spec:
                                                                                                                                               		
 
                                                                                                                                              This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                                              
 
                                                                                                                                              You can add resource tags to classify resources.
                                                                                                                                              
-
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
+
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
 
                                                                                                                                              CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              No
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              This field is optional. It specifies the file system type, which defaults to ext4.
                                                                                                                                              
-
                                                                                                                                              The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                                              • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                              • Only common containers are supported.
                                                                                                                                              
+
                                                                                                                                              The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                                              • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                              • Only common containers are supported.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              No
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
 
                                                                                                                                              Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                              
-
                                                                                                                                              For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
+
                                                                                                                                              For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              storage
                                                                                                                                              
@@ -230,7 +235,7 @@ spec:
                                                                                                                                               		
 
                                                                                                                                              Yes
                                                                                                                                              
 
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              The StorageClass for EVS disks is csi-disk.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
 
                                                                                                                                              Storage Classes
                                                                                                                                              
 
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              The default StorageClass for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              (Optional) Storage Volume Name Prefix
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
-
                                                                                                                                              For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
+
                                                                                                                                              For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              AZ
                                                                                                                                              
@@ -89,14 +92,14 @@
 
                                                                                                                                              Mount Path
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              Subpath
                                                                                                                                              
 
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                              
+
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Permission
                                                                                                                                              
@@ -144,11 +147,11 @@ spec:
         namespace: default
         annotations:
           everest.io/disk-volume-type: SAS    # EVS disk type
-          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
 
-          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
-          csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
-          everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+          everest.io/disk-volume-tags: '{"key1":"value1","key2":"value2"}' # (Optional) Custom resource tags
+          csi.storage.k8s.io/fstype: xfs    # (Optional) The file system is of the xfs type. If it is left blank, ext4 will be used by default.
+          everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
         labels:
           failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
           failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
@@ -192,7 +195,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
@@ -200,7 +203,7 @@ spec:
 
                                                                                                                                              Yes
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              For details about its value, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              everest.io/disk-volume-type
                                                                                                                                              
@@ -225,7 +228,7 @@ spec:
                                                                                                                                               		
 
                                                                                                                                              This field is optional. It is supported when the Everest version in the cluster is 2.1.39 or later.
                                                                                                                                              
 
                                                                                                                                              You can add resource tags to classify resources.
                                                                                                                                              
-
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
+
                                                                                                                                              You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                              
 
                                                                                                                                              CCE automatically creates system tags CCE-Cluster-ID={Cluster ID}, CCE-Cluster-Name={Cluster name}, and CCE-Namespace={Namespace name}. These tags cannot be modified.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              No
                                                                                                                                              
 
                                                                                                                                              This field is optional. It is supported by nodes running CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.1.53 or later.
                                                                                                                                              
-
                                                                                                                                              You can use it to configure a file system type, which can be ext4 or xfs. If it is left blank, the default value ext4 will be used.
                                                                                                                                              
+
                                                                                                                                              This field is optional. It specifies the file system type, which defaults to ext4.
                                                                                                                                              
+
                                                                                                                                              The value can be ext4 or xfs. The restrictions on using xfs are as follows:
                                                                                                                                              • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                              • Only common containers are supported.
                                                                                                                                              
+
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              everest.io/csi.volume-name-prefix
                                                                                                                                              
@@ -242,9 +246,9 @@ spec:
 
                                                                                                                                              No
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                              
 
                                                                                                                                              Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                              
-
                                                                                                                                              For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
+
                                                                                                                                              For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              storage
                                                                                                                                              
@@ -258,7 +262,7 @@ spec:
                                                                                                                                               		
 
                                                                                                                                              Yes
                                                                                                                                              
 
                                                                                                                                              The storage class for EVS disks is csi-disk.
                                                                                                                                              
+
                                                                                                                                              The StorageClass for EVS disks is csi-disk.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
                                                                                                                                              Creation Method
                                                                                                                                              
 
                                                                                                                                              • If underlying storage is available, create a PV or use an existing PV to statically create a PVC.
                                                                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                                              
+
                                                                                                                                              • If underlying storage is available, create a PV or use an existing PV to statically create a PVC.
                                                                                                                                              • If no underlying storage is available, select Dynamically provision. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                                              
 
                                                                                                                                              In this example, select Create new to create both a PV and PVC on the console.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              SFSb
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                                                              
-
                                                                                                                                               NOTE: 
                                                                                                                                              Currently, only SFS 3.0 Capacity-Oriented is supported.
                                                                                                                                              
-
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              PV Nameb
                                                                                                                                              
@@ -88,14 +86,14 @@
 
                                                                                                                                              Mount Path
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                              
-
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
+
                                                                                                                                              This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              		
 
                                                                                                                                              
 
                                                                                                                                              Subpath
                                                                                                                                              
 
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                              
+
                                                                                                                                              Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Permission
                                                                                                                                              
@@ -113,143 +111,157 @@
 
 
                                                                                                                                              
 
-
                                                                                                                                              Using an Existing SFS File System Through kubectl
                                                                                                                                              1. Use kubectl to access the cluster.
                                                                                                                                              2. Create a PV.
                                                                                                                                                1. Create the pv-sfs.yaml file.
                                                                                                                                                  SFS Capacity-Oriented:
                                                                                                                                                  apiVersion: v1
+
                                                                                                                                                  Using an Existing SFS Capacity-Oriented File System Through kubectl
                                                                                                                                                  1. Use kubectl to access the cluster.
                                                                                                                                                  2. Create a PV.
                                                                                                                                                    1. Create the pv-sfs.yaml file.
                                                                                                                                                      Example:
                                                                                                                                                      apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
     everest.io/reclaim-policy: retain-volume-only      # (Optional) The underlying volume is retained when the PV is deleted.
-  name: pv-sfs    # PV name
+  name: pv-sfs    # PV name
 spec:
   accessModes:
-  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
   capacity:
-    storage: 1Gi     # SFS volume capacity
+    storage: 1Gi     # SFS volume capacity
   csi:
     driver: nas.csi.everest.io    # Dependent storage driver for the mounting
     fsType: nfs
     volumeHandle: <your_volume_id>   # SFS Capacity-Oriented volume ID
     volumeAttributes:
-      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
-  storageClassName: csi-nas               # StorageClass name. csi-nas indicates that SFS Capacity-Oriented is used.
+  storageClassName: csi-nas               # StorageClass name. csi-nas indicates that SFS Capacity-Oriented is used.
   mountOptions: []                         # Mount options
                                                                                                                                                      
 
                                                                                                                                                      
 
-
                                                                                                                                                      Table 2 Key parameters
                                                                                                                                                      Parameter
                                                                                                                                                      
+
                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
                                                                                                                                                      Table 2 Key parameters
                                                                                                                                                      Parameter
                                                                                                                                                      
 
                                                                                                                                                      Mandatory
                                                                                                                                                      
+
                                                                                                                                                      Mandatory
                                                                                                                                                      
 
                                                                                                                                                      Description
                                                                                                                                                      
+
                                                                                                                                                      Description
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
 
                                                                                                                                                      everest.io/reclaim-policy
                                                                                                                                                      
+
                                                                                                                                                      everest.io/reclaim-policy
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      Only retain-volume-only is supported.
                                                                                                                                                      
-
                                                                                                                                                      This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                                      
+
                                                                                                                                                      Only retain-volume-only is supported.
                                                                                                                                                      
+
                                                                                                                                                      This parameter is valid only when the Everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      volumeHandle
                                                                                                                                                      
+
                                                                                                                                                      volumeHandle
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      • If an SFS Capacity-Oriented volume is used, enter the volume ID.
                                                                                                                                                        Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Capacity-Oriented. In the list, click the name of the target SFS file system. On the details page, copy the content following ID.
                                                                                                                                                        
-
                                                                                                                                                      
+
                                                                                                                                                      Volume ID if SFS Capacity-Oriented is used.
                                                                                                                                                      
+
                                                                                                                                                      Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Capacity-Oriented. In the list, click the name of the target SFS file system. On the details page, copy the content following ID.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      everest.io/share-export-location
                                                                                                                                                      
+
                                                                                                                                                      everest.io/share-export-location
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Shared path of the file system.
                                                                                                                                                      
-
                                                                                                                                                      • For an SFS Capacity-Oriented file system, log in to the CCE console, choose Service List > Storage > Scalable File Service, and obtain the shared path from the Mount Address column.
                                                                                                                                                      
+
                                                                                                                                                      Shared path of the file system.
                                                                                                                                                      
+
                                                                                                                                                      On the management console, choose Service List > Storage > Scalable File Service. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      mountOptions
                                                                                                                                                      
+
                                                                                                                                                      mountOptions
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Mount options.
                                                                                                                                                      
-
                                                                                                                                                      If not specified, the following configurations are used by default. For details, see Configuring SFS Volume Mount Options.
                                                                                                                                                      
-
                                                                                                                                                      mountOptions:
+
                                                                                                                                                      Mount options.
                                                                                                                                                      
+
                                                                                                                                                      If not specified, the following configurations are used by default. For details, see Configuring SFS Volume Mount Options.
                                                                                                                                                      
+
                                                                                                                                                      mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      persistentVolumeReclaimPolicy
                                                                                                                                                      
+
                                                                                                                                                      persistentVolumeReclaimPolicy
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                                                      
-
                                                                                                                                                      The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                                                      
-
                                                                                                                                                      Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                                                      
-
                                                                                                                                                      Delete: When a PVC is deleted, its PV will also be deleted.
                                                                                                                                                      
+
                                                                                                                                                      A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9.
                                                                                                                                                      
+
                                                                                                                                                      The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                                                      
+
                                                                                                                                                      Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                                                      
+
                                                                                                                                                      Delete: When a PVC is deleted, its PV will also be deleted.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      storage
                                                                                                                                                      
+
                                                                                                                                                      storage
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Requested capacity in the PVC, in Gi.
                                                                                                                                                      
-
                                                                                                                                                      For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                                                      
+
                                                                                                                                                      Requested capacity in the PVC, in Gi.
                                                                                                                                                      
+
                                                                                                                                                      For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                                                      
+
                                                                                                                                                      storageClassName
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      StorageClass name csi-nas, indicating that SFS 1.0 Capacity-Oriented is used for storage.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
                                                                                                                                                       
 
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                    2. Run the following command to create a PV:
                                                                                                                                                      kubectl apply -f pv-sfs.yaml
                                                                                                                                                      
+
                                                                                                                                                    3. Run the following command to create a PV:
                                                                                                                                                      kubectl apply -f pv-sfs.yaml
                                                                                                                                                      
 
                                                                                                                                                      4. 
-
                                                                                                                                                    4. Create a PVC.
                                                                                                                                                      1. Create the pvc-sfs.yaml file.
                                                                                                                                                        apiVersion: v1
+
                                                                                                                                                      2. Create a PVC.
                                                                                                                                                        1. Create the pvc-sfs.yaml file.
                                                                                                                                                          apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: pvc-sfs
+  name: pvc-sfs
   namespace: default
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
 spec:
   accessModes:
-  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
+  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
   resources:
     requests:
-      storage: 1Gi               # SFS volume capacity.
-  storageClassName: csi-nas     # Storage class name, which must be the same as the PV's storage class. 
-  volumeName: pv-sfs    # PV name
                                                                                                                                                          
+      storage: 1Gi               # SFS volume capacity
+  storageClassName: csi-nas     # StorageClass name, which must be the same as that of the PV
+  volumeName: pv-sfs    # PV name
 
-
                                                                                                                                                          
-
-
+
+
+
-
                                                                                                                                                          Table 3 Key parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
+
+
+
+
                                                                                                                                                          Table 3 Key parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          storage
                                                                                                                                                          
+
                                                                                                                                                          storage
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                                                          
-
                                                                                                                                                          The value must be the same as the storage size of the existing PV.
                                                                                                                                                          
+
                                                                                                                                                          Requested capacity in the PVC, in Gi.
                                                                                                                                                          
+
                                                                                                                                                          The value must be the same as the storage size of the existing PV.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          volumeName
                                                                                                                                                          
+
                                                                                                                                                          storageClassName
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          PV name, which must be the same as the PV name in 1.
                                                                                                                                                          
+
                                                                                                                                                          StorageClass name csi-nas, which must be the same as the StorageClass of the PV specified in 1. This indicates that SFS 1.0 Capacity-Oriented is used for storage.
                                                                                                                                                          
+
                                                                                                                                                          volumeName
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          PV name, which must be the same as the PV name in 1.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                        2. Run the following command to create a PVC:
                                                                                                                                                          kubectl apply -f pvc-sfs.yaml
                                                                                                                                                          
+
                                                                                                                                                        3. Run the following command to create a PVC:
                                                                                                                                                          kubectl apply -f pvc-sfs.yaml
                                                                                                                                                          
 
                                                                                                                                                          4. 
-
                                                                                                                                                        4. Create an application.
                                                                                                                                                          1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                                                                            apiVersion: apps/v1
+
                                                                                                                                                          2. Create an application.
                                                                                                                                                            1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: web-demo
@@ -268,16 +280,16 @@ spec:
       - name: container-1
         image: nginx:latest
         volumeMounts:
-        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field
           mountPath: /data  # Location where the storage volume is mounted
       imagePullSecrets:
         - name: default-secret
       volumes:
         - name: pvc-sfs-volume    # Volume name, which can be customized
           persistentVolumeClaim:
-            claimName: pvc-sfs    # Name of the created PVC
                                                                                                                                                              
-
                                                                                                                                                            2. Run the following command to create a workload to which the SFS volume is mounted:
                                                                                                                                                              kubectl apply -f web-demo.yaml
                                                                                                                                                              
-
                                                                                                                                                              After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                              
+            claimName: pvc-sfs    # Name of the created PVC
+
                                                                                                                                                            3. Run the following command to create a workload to which the SFS volume is mounted:
                                                                                                                                                              kubectl apply -f web-demo.yaml
                                                                                                                                                              
+
                                                                                                                                                              After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                              
 
                                                                                                                                                            
 
                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0620.html b/docs/cce/umn/cce_10_0620.html
index 651ab9780..f32232d68 100644
--- a/docs/cce/umn/cce_10_0620.html
+++ b/docs/cce/umn/cce_10_0620.html
@@ -23,20 +23,26 @@
 
                                                                                                                                                          5. 
 
                                                                                                                                                          Creation Method
                                                                                                                                                          
 
                                                                                                                                                          • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                          • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                                                          
-
                                                                                                                                                          In this document, Dynamically provision is selected.
                                                                                                                                                          
+
                                                                                                                                                          • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                          • If underlying storage is available, create a PV or use an existing PV to statically create a PVC. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                                                          
+
                                                                                                                                                          In this document, Dynamically provision is selected.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          Storage Classes
                                                                                                                                                          
 
                                                                                                                                                          The storage class for SFS volumes is csi-nas.
                                                                                                                                                          
+
                                                                                                                                                          The default StorageClass for SFS volumes is csi-nas.
                                                                                                                                                          
+
                                                                                                                                                          You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          (Optional) Storage Volume Name Prefix
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                          
-
                                                                                                                                                          This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                          
-
                                                                                                                                                          For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                          
+
                                                                                                                                                          This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                          
+
                                                                                                                                                          For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                          
+
                                                                                                                                                          Capacity (GiB)
                                                                                                                                                          
+
                                                                                                                                                          The value cannot be less than 10.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          Access Mode
                                                                                                                                                          
@@ -69,14 +75,14 @@
 
                                                                                                                                                          Mount Path
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Enter a mount path, for example, /tmp.
                                                                                                                                                          
-
                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                           NOTICE: 
                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                          
+
                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                           NOTICE: 
                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          		
 
                                                                                                                                                          
 
                                                                                                                                                          Subpath
                                                                                                                                                          
 
                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                          
+
                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          Permission
                                                                                                                                                          
@@ -106,14 +112,14 @@ metadata:
 
     everest.io/crypt-domain-id: <your_domain_id>   # (Optional) ID of the tenant to which an encrypted volume belongs. Mandatory for encrypting volumes.
 
-    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteMany             # The value must be ReadWriteMany for SFS.
   resources:
     requests:
       storage: 1Gi             # SFS volume capacity
-  storageClassName: csi-nas    # StorageClass is SFS.
+  storageClassName: csi-nas    # StorageClass is SFS. 
 
 
                                                                                                                                                          
@@ -135,7 +141,8 @@ spec:
 
-
@@ -160,9 +167,9 @@ spec:
 
diff --git a/docs/cce/umn/cce_10_0624.html b/docs/cce/umn/cce_10_0624.html
index bf2740c52..478a7795e 100644
--- a/docs/cce/umn/cce_10_0624.html
+++ b/docs/cce/umn/cce_10_0624.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                          • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                                                          • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                                                          • Private network: Users can access data only in private networks of data centers.
                                                                                                                                                          • Data isolation: The on-cloud storage service provides exclusive cloud file storage, which delivers data isolation and ensures IOPS performance.
                                                                                                                                                          • Use cases: Deployments/StatefulSets in the ReadWriteMany mode, DaemonSets, and jobs created for high-traffic websites, log storage, DevOps, and enterprise OA applications
                                                                                                                                                          Application Scenarios
                                                                                                                                                          SFS Turbo supports the following mounting modes:
                                                                                                                                                          
-
+
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0625.html b/docs/cce/umn/cce_10_0625.html
index ac25e7a14..8f2b63a15 100644
--- a/docs/cce/umn/cce_10_0625.html
+++ b/docs/cce/umn/cce_10_0625.html
@@ -58,7 +58,7 @@
 
 
                                                                                                                                                          
-
-
                                                                                                                                                          Table 2 Key parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          This parameter is mandatory when an SFS system is encrypted. Enter the encryption key ID selected during SFS system creation. You can use a custom key or the default key named sfs/default.
                                                                                                                                                          
+
                                                                                                                                                          If StorageClass is csi-nas, you can determine whether to encrypt the underlying storage.
                                                                                                                                                          
+
                                                                                                                                                          This parameter is mandatory when an SFS system is encrypted. Enter the encryption key ID selected during SFS system creation. You can use a custom key or the default key named sfs/default.
                                                                                                                                                          
 
                                                                                                                                                          To obtain a key ID, log in to the DEW console, locate the key to be encrypted, and copy the key ID.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          No
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                          
-
                                                                                                                                                          This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                          
+
                                                                                                                                                          This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                          
 
                                                                                                                                                          Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                          
-
                                                                                                                                                          For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                          
+
                                                                                                                                                          For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
 
 
 
 
                                                                                                                                                          Reclaim Policyb
                                                                                                                                                          
 
                                                                                                                                                          Only Retain is available. This indicates that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy. 
                                                                                                                                                          
+
                                                                                                                                                          Only Retain is available if you do not use subdirectories to create PVs. This indicates that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          Subdirectory Reclaim Policyb
                                                                                                                                                          
@@ -95,14 +95,14 @@
 
                                                                                                                                                          Mount Path
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Enter a mount path, for example, /tmp.
                                                                                                                                                          
-
                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                           NOTICE: 
                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                          
+
                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                           NOTICE: 
                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          		
 
                                                                                                                                                          
 
                                                                                                                                                          Subpath
                                                                                                                                                          
 
                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                          
+
                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          Permission
                                                                                                                                                          
@@ -120,12 +120,12 @@
 
 
                                                                                                                                                          
 
-
                                                                                                                                                          Using an Existing SFS File System Through kubectl
                                                                                                                                                          1. Use kubectl to access the cluster.
                                                                                                                                                          2. Create a PV.
                                                                                                                                                            1. Create the pv-sfsturbo.yaml file.
                                                                                                                                                              apiVersion: v1
+
                                                                                                                                                              Using an Existing SFS Turbo File System Through kubectl
                                                                                                                                                              1. Use kubectl to access the cluster.
                                                                                                                                                              2. Create a PV.
                                                                                                                                                                1. Create the pv-sfsturbo.yaml file.
                                                                                                                                                                  Example:
                                                                                                                                                                  
+
                                                                                                                                                                  apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only    # Used for a subdirectory when the reclaim policy is Delete. This parameter indicates that when a PVC is deleted, the PV will be deleted but the subdirectory associated with the PV will be retained.
   name: pv-sfsturbo    # PV name
 spec:
   accessModes:
@@ -140,41 +140,39 @@ spec:
       everest.io/share-export-location: <your_location>   # Shared path of the SFS Turbo volume
 
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/share-export-location: /a  # (Optional) This parameter indicates an automatically created subdirectory, which must be an absolute path. 
-      everest.io/volume-as: absolute-path   # (Optional) An SFS Turbo subdirectory is used. 
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy, which can be set to Delete when subdirectories are automatically created
-  storageClassName: csi-sfsturbo          # Storage class name of the SFS Turbo file system
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy
+  storageClassName: csi-sfsturbo          # StorageClass name of the SFS Turbo file system
   mountOptions: []                         # Mount options
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 2 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -249,7 +222,7 @@ spec:
   resources:
     requests:
       storage: 500Gi               # SFS Turbo volume capacity.
-  storageClassName: csi-sfsturbo       # Storage class name of the SFS Turbo file system, which must be the same as that of the PV
+  storageClassName: csi-sfsturbo       # StorageClass name of the SFS Turbo file system, which must be the same as that of the PV
   volumeName: pv-sfsturbo    # PV name
                                                                                                                                                                  Table 2 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
+
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  volumeHandle
                                                                                                                                                                  
+
                                                                                                                                                                  volumeHandle
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  SFS Turbo volume ID.
                                                                                                                                                                  
+
                                                                                                                                                                  ID of an SFS Turbo file system for creating a PV.
                                                                                                                                                                  
 
                                                                                                                                                                  How to obtain: Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo file system. On the details page, copy the content following ID.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  everest.io/share-export-location
                                                                                                                                                                  
+
                                                                                                                                                                  everest.io/share-export-location
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Shared path of the SFS Turbo volume.
                                                                                                                                                                  
-
                                                                                                                                                                  Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                                  
+
                                                                                                                                                                  Shared path of the SFS Turbo volume.
                                                                                                                                                                  
+
                                                                                                                                                                  Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  mountOptions
                                                                                                                                                                  
+
                                                                                                                                                                  mountOptions
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
 
                                                                                                                                                                  Mount options.
                                                                                                                                                                  
+
                                                                                                                                                                  Mount options.
                                                                                                                                                                  
 
                                                                                                                                                                  If not specified, the following configurations are used by default. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                  
 
                                                                                                                                                                  mountOptions:
 - vers=3
@@ -183,51 +181,26 @@ spec:
 - hard
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  persistentVolumeReclaimPolicy
                                                                                                                                                                  
+
                                                                                                                                                                  persistentVolumeReclaimPolicy
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9. For details, see PV Reclaim Policy.
                                                                                                                                                                  
+
                                                                                                                                                                  A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9. For details, see PV Reclaim Policy.
                                                                                                                                                                  
 
                                                                                                                                                                  Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  everest.io/reclaim-policy
                                                                                                                                                                  
+
                                                                                                                                                                  storage
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                                  
-
                                                                                                                                                                  • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                  • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                                     NOTE: 
                                                                                                                                                                    When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                  
+
                                                                                                                                                                  Requested capacity in the PVC, in Gi.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  everest.io/volume-as
                                                                                                                                                                  
+
                                                                                                                                                                  storageClassName
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                                                                  
-
                                                                                                                                                                  Ensure Everest of v2.3.23 or later has been installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  everest.io/path
                                                                                                                                                                  
-
                                                                                                                                                                  No
                                                                                                                                                                  
-
                                                                                                                                                                  Subdirectory that is automatically created, which must be an absolute path.
                                                                                                                                                                  
-
                                                                                                                                                                  storage
                                                                                                                                                                  
-
                                                                                                                                                                  Yes
                                                                                                                                                                  
-
                                                                                                                                                                  Requested capacity in the PVC, in Gi.
                                                                                                                                                                  
-
                                                                                                                                                                  storageClassName
                                                                                                                                                                  
-
                                                                                                                                                                  Yes
                                                                                                                                                                  
-
                                                                                                                                                                  The storage class name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                  
+
                                                                                                                                                                  The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
 
                                                                                                                                                                  
-
                                                                                                                                                                  Table 3 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
@@ -272,8 +245,8 @@ spec:
 
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                                                  
-
                                                                                                                                                                  The storage class name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                  
+
                                                                                                                                                                  StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                                                                                  
+
                                                                                                                                                                  The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  volumeName
                                                                                                                                                                  
@@ -320,6 +293,202 @@ spec:
 
 
                                                                                                                                                                  
 
+
                                                                                                                                                                  Using Subdirectories of an Existing SFS Turbo File System Through kubectl
                                                                                                                                                                  1. Use kubectl to access the cluster.
                                                                                                                                                                  2. Create a PV.
                                                                                                                                                                    1. Create the pv-sfsturbo.yaml file.
                                                                                                                                                                      Example:
                                                                                                                                                                      apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only    # When a PVC is deleted, the PV will be deleted but the subdirectories associated with the PV will be retained. This parameter is available only when subdirectories are used and the reclaim policy is Delete.
+  name: pv-sfsturbo    # PV name
+spec:
+  accessModes:
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
+  capacity:
+    storage: 500Gi       # SFS Turbo volume capacity
+  csi:
+    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting
+    fsType: nfs
+    volumeHandle: pv-sfsturbo   # PV name when subdirectories are used
+    volumeAttributes:
+      everest.io/share-export-location: <sfsturbo_path>:/<absolute_path>   # Shared path and subdirectory of the SFS Turbo file system
+
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+      everest.io/volume-as: absolute-path   # (Optional) An SFS Turbo subdirectory is used.
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy, which can be set to Delete when subdirectories are automatically created
+  storageClassName: csi-sfsturbo          # StorageClass name of the SFS Turbo file system
+  mountOptions: []                         # Mount options
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 4 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      volumeHandle
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      PV name when an SFS Turbo subdirectory is used to create the PV.
                                                                                                                                                                      
+
                                                                                                                                                                      everest.io/share-export-location
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Shared path of the SFS Turbo subdirectory.
                                                                                                                                                                      
+
                                                                                                                                                                      Format:
                                                                                                                                                                      
+
                                                                                                                                                                      {sfsturbo_path}:/{absolute_path}
                                                                                                                                                                      
+
                                                                                                                                                                      How to obtain:
                                                                                                                                                                      
+
                                                                                                                                                                      Log in to the CCE console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system.
                                                                                                                                                                      
+
                                                                                                                                                                      mountOptions
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      Mount options.
                                                                                                                                                                      
+
                                                                                                                                                                      If not specified, the following configurations are used by default. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                      
+
                                                                                                                                                                      mountOptions:
+- vers=3
+- timeo=600
+- nolock
+- hard
                                                                                                                                                                      
+
                                                                                                                                                                      persistentVolumeReclaimPolicy
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      A reclaim policy is supported when the cluster version is or later than 1.19.10 and the Everest version is or later than 1.2.9. For details, see PV Reclaim Policy.
                                                                                                                                                                      
+
                                                                                                                                                                      Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete these resources. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                                                                      
+
                                                                                                                                                                      Delete: This parameter can be configured when subdirectories are automatically created, indicating that the PV is deleted when a PVC is deleted.
                                                                                                                                                                      
+
                                                                                                                                                                      everest.io/reclaim-policy
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      Whether to retain subdirectories when deleting a PVC. This parameter must be used with PV Reclaim Policy. This parameter is available only when the PV reclaim policy is Delete. Options:
                                                                                                                                                                      
+
                                                                                                                                                                      • retain-volume-only: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                      • delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        When a subdirectory is deleted, only the absolute path of the subdirectory configured in the PVC will be deleted. The upper-layer directory will not be deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      everest.io/volume-as
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      The value is fixed at absolute-path, indicating that a dynamically created SFS Turbo subdirectory is used.
                                                                                                                                                                      
+
                                                                                                                                                                      Ensure Everest of v2.3.23 or later has been installed in the cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      storage
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Requested capacity in the PVC, in Gi. If a subdirectory is used, this parameter serves no purpose other than for verification and must have a non-empty, non-zero value.
                                                                                                                                                                      
+
                                                                                                                                                                      storageClassName
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a PV:
                                                                                                                                                                      kubectl apply -f pv-sfsturbo.yaml
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  3. Create a PVC.
                                                                                                                                                                    1. Create the pvc-sfsturbo.yaml file.
                                                                                                                                                                      apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-sfsturbo
+  namespace: default
+  annotations:
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
+
+spec:
+  accessModes:
+  - ReadWriteMany                  # The value must be ReadWriteMany for SFS Turbo.
+  resources:
+    requests:
+      storage: 500Gi               # SFS Turbo volume capacity.
+  storageClassName: csi-sfsturbo       # StorageClass name of the SFS Turbo file system, which must be the same as that of the PV
+  volumeName: pv-sfsturbo    # PV name
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 5 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      storage
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Requested capacity in the PVC, in Gi.
                                                                                                                                                                      
+
                                                                                                                                                                      The value must be the same as the storage size of the existing PV.
                                                                                                                                                                      
+
                                                                                                                                                                      storageClassName
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      StorageClass name, which must be the same as the StorageClass of the PV in 1.
                                                                                                                                                                      
+
                                                                                                                                                                      The StorageClass name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                      
+
                                                                                                                                                                      volumeName
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      PV name, which must be the same as the PV name in 1.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a PVC:
                                                                                                                                                                      kubectl apply -f pvc-sfsturbo.yaml
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  4. Create an application.
                                                                                                                                                                    1. Create a file named web-demo.yaml. In this example, the SFS Turbo volume is mounted to the /data path.
                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-sfsturbo-volume    # Volume name, which must be the same as the volume name in the volumes field
+          mountPath: /data  # Location where the storage volume is mounted
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-sfsturbo-volume    # Volume name, which can be customized
+          persistentVolumeClaim:
+            claimName: pvc-sfsturbo    # Name of the created PVC
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a workload to which the SFS Turbo volume is mounted:
                                                                                                                                                                      kubectl apply -f web-demo.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  Verifying Data Persistence and Sharing
                                                                                                                                                                  1. View the deployed application and files.
                                                                                                                                                                    1. Run the following command to view the created pod:
                                                                                                                                                                      kubectl get pod | grep web-demo
                                                                                                                                                                      
 
                                                                                                                                                                      Expected output:
                                                                                                                                                                      web-demo-846b489584-mjhm9   1/1     Running   0             46s
 web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                                      
@@ -363,44 +532,44 @@ static
 
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Related Operations
                                                                                                                                                                  You can also perform the operations listed in Table 4.
-
                                                                                                                                                                  
-
-
-
-
@@ -172,9 +173,9 @@ spec:
 
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0636.html b/docs/cce/umn/cce_10_0636.html
index 0fd261dde..8dcaadb3f 100644
--- a/docs/cce/umn/cce_10_0636.html
+++ b/docs/cce/umn/cce_10_0636.html
@@ -1,8 +1,7 @@
 
                                                                                                                                                                  Ephemeral Volumes
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                    
 
                                                                                                                                                                  • Overview
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0642.html b/docs/cce/umn/cce_10_0642.html
index 4ed713439..ae757d398 100644
--- a/docs/cce/umn/cce_10_0642.html
+++ b/docs/cce/umn/cce_10_0642.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                    Importing a PV to a Storage Pool
                                                                                                                                                                    
-
                                                                                                                                                                    CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local PV, import the data disk of the node to the storage pool.
                                                                                                                                                                    
+
                                                                                                                                                                    CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local PV, import the data disk of the node to the storage pool.
                                                                                                                                                                    
 
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                    
 
                                                                                                                                                                    • The first data disk (used by container runtime and the kubelet component) on a node cannot be imported as a storage pool.
                                                                                                                                                                    • Storage pools in striped mode do not support scale-out. After scale-out, fragmented space may be generated and the storage pool cannot be used.
                                                                                                                                                                    • Storage pools cannot be scaled in or deleted.
                                                                                                                                                                    • If disks in a storage pool on a node are deleted, the storage pool will malfunction.
                                                                                                                                                                    
 
                                                                                                                                                                    
@@ -12,9 +12,13 @@
 
                                                                                                                                                                    If no PV is imported during node creation, or the capacity of the current PV is insufficient, you can manually import a PV.
                                                                                                                                                                    
 
                                                                                                                                                                    1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                                    2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    3. Choose Storage in the navigation pane. In the right pane, click the Storage Pool tab.
                                                                                                                                                                    4. View the node to which the disk has been added and select Import as PV. You can select a write mode during the import.
                                                                                                                                                                       
                                                                                                                                                                      If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                      
+
                                                                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    
+
                                                                                                                                                                    Expanding a Storage Pool
                                                                                                                                                                    The capacity of a storage pool can be expanded in either of the following ways:
                                                                                                                                                                    
+
                                                                                                                                                                    1. Add more large-capacity disks to the pool using the preceding manual import method.
                                                                                                                                                                    2. Increase the size of the existing disks on the ECS console. Then, the storage pool capacity will be automatically expanded.
                                                                                                                                                                    
+
                                                                                                                                                                    Either of these methods will work.
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0649.html b/docs/cce/umn/cce_10_0649.html
index 58a872f18..d8d53005b 100644
--- a/docs/cce/umn/cce_10_0649.html
+++ b/docs/cce/umn/cce_10_0649.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    To use node flavor priorities, the Autoscaler version must be 1.19.35, 1.21.28, 1.23.30, 1.25.20, or later. To balance load among AZs, the version must be 1.23.122, 1.25.117, 1.27.85, 1.28.52, or later.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Elastic Capacity Expansion Policies
                                                                                                                                                                    Node pools are scaled according to their priorities and flavor priorities.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    1. Predictive flavor filtering:
                                                                                                                                                                      • The predictive algorithm chooses proper flavors that meet the scheduling needs of pending pods from all node pools.
                                                                                                                                                                      • To schedule pods, various factors are considered, including whether the node resources meet the requested resources of the pods, and if the nodeSelector, nodeAffinity, and taints satisfy the conditions for pod scheduling.
                                                                                                                                                                      • Additionally, if certain node pool flavors experience scale-out failures, such as insufficient resources, and enter a 5-minute cooldown period, the scale-out algorithm will automatically exclude them from consideration during that time.
                                                                                                                                                                      
 
                                                                                                                                                                    2. Node pool sorting by priority
                                                                                                                                                                      Node pools are assigned priorities and sorted accordingly. The node pool with the highest priority is preferentially selected.
                                                                                                                                                                      
 
                                                                                                                                                                    3. Flavor selection by priority
                                                                                                                                                                      When multiple node pools have the same highest priority, the flavor with the highest priority is selected according to the following rules:
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0651.html b/docs/cce/umn/cce_10_0651.html
index 004b651bd..f1e6f9000 100644
--- a/docs/cce/umn/cce_10_0651.html
+++ b/docs/cce/umn/cce_10_0651.html
@@ -128,9 +128,9 @@ spec:
 
                                                                                                                                                                  Table 4 Related operations
                                                                                                                                                                  Operation
                                                                                                                                                                  
+
                                                                                                                                                                  Related Operations
                                                                                                                                                                  You can also perform the operations listed in Table 6.
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0626.html b/docs/cce/umn/cce_10_0626.html
index 954b358a2..0551b5b7a 100644
--- a/docs/cce/umn/cce_10_0626.html
+++ b/docs/cce/umn/cce_10_0626.html
@@ -58,7 +58,7 @@
 
                                                                                                                                                                  Table 6 Related operations
                                                                                                                                                                  Operation
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Procedure
                                                                                                                                                                  
+
                                                                                                                                                                  Procedure
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Creating a storage volume (PV)
                                                                                                                                                                  
+
                                                                                                                                                                  Creating a storage volume (PV)
                                                                                                                                                                  
 
                                                                                                                                                                  Create a PV on the CCE console.
                                                                                                                                                                  
+
                                                                                                                                                                  Create a PV on the CCE console.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                                                    • Volume Type: Select SFS Turbo.
                                                                                                                                                                    • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                                    • Subdirectory: Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                                                                    • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                                                                    • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                    • Reclaim Policy: Only Retain is supported if you do not use subdirectories to create PVs. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                                                                    • Subdirectory Reclaim Policy: Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                                                                      Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                      
+
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVs tab. Click Create PersistentVolume in the upper right corner. In the dialog box displayed, configure parameters.
                                                                                                                                                                    • Volume Type: Select SFS Turbo.
                                                                                                                                                                    • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                                    • Subdirectory: Determine whether to use subdirectories to create PVs. Enter the absolute path of a subdirectory, for example, /a/b. Ensure that the subdirectory is available.
                                                                                                                                                                    • PV Name: Enter the PV name, which must be unique in a cluster.
                                                                                                                                                                    • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                    • Reclaim Policy: Only Retain is supported if you do not use subdirectories to create PVs. For details, see PV Reclaim Policy. If you choose to use a subdirectory to create a PV, the value of this parameter can be Delete.
                                                                                                                                                                    • Subdirectory Reclaim Policy: Determine whether to retain subdirectories when a PVC is deleted. This parameter must be used with PV Reclaim Policy and can be configured when PV Reclaim Policy is set to Delete.
                                                                                                                                                                      Retain: If a PVC is deleted, the PV will be deleted, but the subdirectories associated with the PV will be retained.
                                                                                                                                                                      
 
                                                                                                                                                                      Delete: After a PVC is deleted, the PV and its associated subdirectories will also be deleted.
                                                                                                                                                                      
 
                                                                                                                                                                    • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                    
 
                                                                                                                                                                  2. Click Create.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Expanding the capacity of an SFS Turbo volume
                                                                                                                                                                  
+
                                                                                                                                                                  Expanding the capacity of an SFS Turbo volume
                                                                                                                                                                  
 
                                                                                                                                                                  Quickly expand the capacity of a mounted SFS Turbo volume on the CCE console.
                                                                                                                                                                  
+
                                                                                                                                                                  Quickly expand the capacity of a mounted SFS Turbo volume on the CCE console.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                  2. Enter the capacity to be added and click OK.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                  2. Enter the capacity to be added and click OK.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Viewing events
                                                                                                                                                                  
+
                                                                                                                                                                  Viewing events
                                                                                                                                                                  
 
                                                                                                                                                                  View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                  
+
                                                                                                                                                                  View event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                                  2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                                                                  
+
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                                  2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (events are retained for one hour).
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Viewing a YAML file
                                                                                                                                                                  
+
                                                                                                                                                                  Viewing a YAML file
                                                                                                                                                                  
 
                                                                                                                                                                  View, copy, or download the YAML file of a PVC or PV.
                                                                                                                                                                  
+
                                                                                                                                                                  View, copy, or download the YAML file of a PVC or PV.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                                  2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Choose Storage in the navigation pane. In the right pane, click the PVCs or PVs tab.
                                                                                                                                                                  2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                                                                  
+
                                                                                                                                                                  You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Configuring Mount Options in a PV
                                                                                                                                                                  You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Turbo Mount Options.
                                                                                                                                                                  
 
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Configure mount options in a PV. Example:
                                                                                                                                                                    apiVersion: v1
@@ -81,14 +81,14 @@ spec:
 
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
-  storageClassName: csi-sfsturbo           # Storage class name of the SFS Turbo file system
+  storageClassName: csi-sfsturbo           # StorageClass name of the SFS Turbo file system
   mountOptions:                            # Mount options
   - vers=3
   - nolock
   - timeo=600
   - hard
                                                                                                                                                                    
 
                                                                                                                                                                  3. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                                                                                  4. Check whether the mount options take effect.
                                                                                                                                                                    In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can run the mount -l command to check whether the mount options take effect.
                                                                                                                                                                    1. View the pod to which the SFS Turbo volume has been mounted. In this example, the workload name is web-sfsturbo.
                                                                                                                                                                      kubectl get pod | grep web-sfsturbo
                                                                                                                                                                      
-
                                                                                                                                                                      Command output:
                                                                                                                                                                      
+
                                                                                                                                                                      The command output is as follows:
                                                                                                                                                                      
 
                                                                                                                                                                      web-sfsturbo-***   1/1     Running   0             23m
                                                                                                                                                                      
 
                                                                                                                                                                    2. Run the following command to check the mount options (web-sfsturbo-*** is an example pod):
                                                                                                                                                                      kubectl exec -it web-sfsturbo-*** -- mount -l | grep nfs
                                                                                                                                                                      
 
                                                                                                                                                                      If the mounting information in the command output is consistent with the configured mount options, the mount options have been configured.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0628.html b/docs/cce/umn/cce_10_0628.html
index 75084d1e9..69b212ca9 100644
--- a/docs/cce/umn/cce_10_0628.html
+++ b/docs/cce/umn/cce_10_0628.html
@@ -5,8 +5,8 @@
 
                                                                                                                                                                      • Standard APIs: With HTTP RESTful APIs, OBS allows you to use client tools or third-party tools to access object storage.
                                                                                                                                                                      • Data sharing: Servers, embedded devices, and IoT devices can use the same path to access shared object data in OBS.
                                                                                                                                                                      • Public/Private networks: OBS allows data to be accessed from public networks to meet Internet application requirements.
                                                                                                                                                                      • Capacity and performance: No capacity limit; high performance (I/O latency within 10 ms).
                                                                                                                                                                      • Use cases: Deployments/StatefulSets in the ReadOnlyMany mode and jobs created for big data analysis, static website hosting, online VOD, gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks). You can create object storage by using the OBS console, tools, and SDKs.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    OBS Specifications
                                                                                                                                                                    OBS provides multiple storage classes to meet customers' requirements on storage performance and costs.
                                                                                                                                                                    
-
                                                                                                                                                                    • Parallel File System (PFS): an optimized high-performance file system provided by OBS for speedy processing of HPC workloads. PFS boasts millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS, making it a reliable choice for those seeking top-notch performance. PFS outperforms OBS buckets. 
                                                                                                                                                                    • Object bucket
                                                                                                                                                                      • Standard: features low latency and high throughput. It is therefore good for storing frequently (multiple times per month) accessed files or small files (less than 1 MB). Its application scenarios include big data analytics, mobile apps, hot videos, and social apps.
                                                                                                                                                                      • OBS Infrequent Access: applicable to storing semi-frequently accessed (less than 12 times a year) data requiring quick response. Its application scenarios include file synchronization or sharing, and enterprise-level backup. This storage class has the same durability, low latency, and high throughput as the Standard storage class, with a lower cost, but its availability is slightly lower than the Standard storage class.
                                                                                                                                                                      
-
                                                                                                                                                                    
+
                                                                                                                                                                    • Object buckets provide reliable, high-performance, secure, and budget-friendly storage for data. They have no restrictions on the quantity of files or storage capacity.
                                                                                                                                                                      • Standard: features low latency and high throughput. It is therefore good for storing frequently (multiple times per month) accessed files or small files (less than 1 MB). Its application scenarios include big data analytics, mobile apps, hot videos, and social apps.
                                                                                                                                                                      • OBS Infrequent Access: applicable to storing semi-frequently accessed (less than 12 times a year) data requiring quick response. Its application scenarios include file synchronization or sharing, and enterprise-level backup. This storage class has the same durability, low latency, and high throughput as the Standard storage class, with a lower cost, but its availability is slightly lower than the Standard storage class.
                                                                                                                                                                      
+
                                                                                                                                                                    • Parallel file systems are a sub-product of OBS designed to provide high-performance file semantics for big data scenarios. 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Performance
                                                                                                                                                                    Every time an OBS volume is mounted to a container workload, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. The amount of memory required in these scenarios is listed Table 1. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0630.html b/docs/cce/umn/cce_10_0630.html
index ab6edfc68..a6825335c 100644
--- a/docs/cce/umn/cce_10_0630.html
+++ b/docs/cce/umn/cce_10_0630.html
@@ -30,19 +30,20 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  Storage Classes
                                                                                                                                                                  
 
                                                                                                                                                                  StorageClass name, which is csi-obs for an OBS volume.
                                                                                                                                                                  
+
                                                                                                                                                                  The default StorageClass for OBS volumes is csi-obs.
                                                                                                                                                                  
+
                                                                                                                                                                  You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  (Optional) Storage Volume Name Prefix
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Instance Type
                                                                                                                                                                  
 
                                                                                                                                                                  • Parallel file system: a high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS. Parallel file systems are recommended.
                                                                                                                                                                  • Object bucket: a container that stores objects in OBS. All objects in a bucket are at the same logical level.
                                                                                                                                                                  
+
                                                                                                                                                                  • Parallel file system: a high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS.
                                                                                                                                                                  • Object bucket: provides reliable, high-performance, secure, and budget-friendly storage for data. They have no restrictions on the quantity of files or storage capacity.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  OBS Class
                                                                                                                                                                  
@@ -83,14 +84,14 @@
 
                                                                                                                                                                  Mount Path
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Subpath
                                                                                                                                                                  
 
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Permission
                                                                                                                                                                  
@@ -119,7 +120,7 @@ metadata:
     csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>       # Custom secret name
     csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>    # Namespace of the custom secret
 
-    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteMany             # The value must be ReadWriteMany for OBS.
@@ -140,7 +141,7 @@ spec:
                                                                                                                                                                   		
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  OBS storage class.
                                                                                                                                                                  
+
                                                                                                                                                                  OBS StorageClass.
                                                                                                                                                                  
 
                                                                                                                                                                  • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                                                  • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
 
                                                                                                                                                                  Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  storage
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0631.html b/docs/cce/umn/cce_10_0631.html
index f26710806..1ba983b62 100644
--- a/docs/cce/umn/cce_10_0631.html
+++ b/docs/cce/umn/cce_10_0631.html
@@ -144,7 +144,7 @@ spec:
       name: <your_secret_name>       # Custom secret name
       namespace: <your_namespace>    # Namespace of the custom secret
   persistentVolumeReclaimPolicy: Retain    # Reclaim policy
-  storageClassName: csi-obs               # Storage class name
+  storageClassName: csi-obs               # StorageClass name
   mountOptions:                            # Mount options
   - umask=027
 
                                                                                                                                                                2. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                                                3. Check whether the mount options take effect.
                                                                                                                                                                  In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can log in to the node where the pod to which the OBS volume is mounted resides and view the progress details.
                                                                                                                                                                  
@@ -155,7 +155,7 @@ spec:
 
                                                                                                                                                                  4. 
 
 
                                                                                                                                                                  Configuring Mount Options in a StorageClass
                                                                                                                                                                  You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Create a customized StorageClass. Example:
                                                                                                                                                                    kind: StorageClass
+
                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Create a custom StorageClass. Example:
                                                                                                                                                                      kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: csi-obs-mount-option
diff --git a/docs/cce/umn/cce_10_0634.html b/docs/cce/umn/cce_10_0634.html
index 161489975..b6f118a8c 100644
--- a/docs/cce/umn/cce_10_0634.html
+++ b/docs/cce/umn/cce_10_0634.html
@@ -29,19 +29,22 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  Storage Classes
                                                                                                                                                                  
 
                                                                                                                                                                  The storage class of local PVs is csi-local-topology.
                                                                                                                                                                  
+
                                                                                                                                                                  The default StorageClass of local PVs is csi-local-topology.
                                                                                                                                                                  
+
                                                                                                                                                                  You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  (Optional) Storage Volume Name Prefix
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Capacity (GiB)
                                                                                                                                                                  
+
                                                                                                                                                                  Capacity
                                                                                                                                                                  
 
                                                                                                                                                                  Capacity of the requested storage volume.
                                                                                                                                                                  
+
                                                                                                                                                                  Requested capacity of the storage volume in GiB or MiB.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Access Mode
                                                                                                                                                                  
@@ -77,14 +80,14 @@
 
                                                                                                                                                                  Mount Path
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Subpath
                                                                                                                                                                  
 
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Permission
                                                                                                                                                                  
@@ -108,7 +111,7 @@ metadata:
   name: pvc-local
   namespace: default
   annotations:
-    everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+    everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
 spec:
   accessModes:
     - ReadWriteOnce             # The value must be ReadWriteOnce for local PVs.
@@ -130,16 +133,18 @@ spec:
 
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
 
                                                                                                                                                                  Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  storage
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Requested capacity in the PVC, in Gi.
                                                                                                                                                                  
+
                                                                                                                                                                  Requested PVC capacity in Gi or Mi.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  storageClassName
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0635.html b/docs/cce/umn/cce_10_0635.html
index 9be877507..90763e3f1 100644
--- a/docs/cce/umn/cce_10_0635.html
+++ b/docs/cce/umn/cce_10_0635.html
@@ -2,6 +2,8 @@
 
 
                                                                                                                                                                  Dynamically Mounting a Local PV to a StatefulSet
                                                                                                                                                                  
 
                                                                                                                                                                  Application Scenarios
                                                                                                                                                                  Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on dynamic creation of PVs through StorageClass. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  When updating a StatefulSet in Kubernetes, it is not allowed to add or delete the volumeClaimTemplates field. This field can only be configured during the creation of the StatefulSet.
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Prerequisites
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -29,19 +31,22 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  Storage Classes
                                                                                                                                                                  
 
                                                                                                                                                                  The storage class of local PVs is csi-local-topology.
                                                                                                                                                                  
+
                                                                                                                                                                  The default StorageClass of local PVs is csi-local-topology.
                                                                                                                                                                  
+
                                                                                                                                                                  You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  (Optional) Storage Volume Name Prefix
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Capacity (GiB)
                                                                                                                                                                  
+
                                                                                                                                                                  Capacity
                                                                                                                                                                  
 
                                                                                                                                                                  Capacity of the requested storage volume.
                                                                                                                                                                  
+
                                                                                                                                                                  Requested capacity of the storage volume in GiB or MiB.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Access Mode
                                                                                                                                                                  
@@ -68,14 +73,14 @@
 
                                                                                                                                                                  Mount Path
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Subpath
                                                                                                                                                                  
 
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Permission
                                                                                                                                                                  
@@ -122,7 +127,7 @@ spec:
         name: pvc-local
         namespace: default
         annotations:
-          everest.io/csi.volume-name-prefix: test  # (Optional) PV name prefix of the automatically created underlying storage
+          everest.io/csi.volume-name-prefix: test  # (Optional) Storage volume name prefix of the automatically created underlying storage
       spec:
         accessModes:
           - ReadWriteOnce               # The value must be ReadWriteOnce for local PVs.
@@ -163,23 +168,25 @@ spec:
 
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  (Optional) This parameter is available only when the cluster version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later, and Everest of v2.4.15 or later is installed in the cluster.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "PV name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the name of the underlying storage that is automatically created. The actual underlying storage name is in the format of "Storage volume name prefix + PVC UID". If this parameter is left blank, the default prefix pvc will be used.
                                                                                                                                                                  
 
                                                                                                                                                                  Enter 1 to 26 characters that cannot start or end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                                                                  
-
                                                                                                                                                                  For example, if the PV name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
+
                                                                                                                                                                  For example, if the storage volume name prefix is set to test, the actual underlying storage name is test-{UID}.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  storage
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  Requested capacity in the PVC, in Gi.
                                                                                                                                                                  
+
                                                                                                                                                                  Requested PVC capacity in Gi or Mi.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  To implement local PVs, Logical Volume Manager (LVM) is used with a local extent (LE) of 4 MiB. If the requested PVC capacity is not a multiple of 4 MiB, the LVM logical volume's actual capacity will be rounded up to the nearest multiple of 4 MiB. For example, if you request 401 MiB of PVC capacity, the LVM logical volume's actual capacity will be 404 MiB (101 LEs), which is the same as what is displayed on the page.
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  storageClassName
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  The storage class of local PVs is csi-local-topology.
                                                                                                                                                                  
+
                                                                                                                                                                  The StorageClass of local PVs is csi-local-topology.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
 
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 2 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                                  Annotation
                                                                                                                                                                  
+
                                                                                                                                                                  
-
@@ -140,9 +140,9 @@ spec:
 
-
-
@@ -151,31 +151,32 @@ spec:
 
-
-
-
-
-
-
-
-
@@ -185,9 +186,9 @@ spec:
 
-
-
@@ -200,9 +201,9 @@ spec:
 
                                                                                                                                                                  Table 2 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                                  Annotation
                                                                                                                                                                  
 
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
+
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Default Value
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  yangtse.io/pod-with-eip
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/pod-with-eip
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  false
                                                                                                                                                                  
 
                                                                                                                                                                  false or true
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-bandwidth-size
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-bandwidth-size
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  5
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Bandwidth, in Mbit/s
                                                                                                                                                                  
 
                                                                                                                                                                  The value range varies depending on the region and bandwidth billing mode. For details, see the EIP console.
                                                                                                                                                                  
+
                                                                                                                                                                  The value range varies depending on the region and bandwidth billing mode. For details, see the page on the EIP console.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-network-type
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-network-type
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  5_bgp
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  EIP type
                                                                                                                                                                  
 
                                                                                                                                                                  The type varies depending on the region. For details, see on the EIP console.
                                                                                                                                                                  
+
                                                                                                                                                                  The type varies depending on the region. For details, see the page on the EIP console.
                                                                                                                                                                  
+
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-charge-mode
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-charge-mode
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  None
                                                                                                                                                                  
 
                                                                                                                                                                  • bandwidth: billed by bandwidth
                                                                                                                                                                  • traffic: billed by traffic
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-bandwidth-name
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-bandwidth-name
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Pod name
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
-
                                                                                                                                                                  Table 3 Annotations of an EIP with a shared bandwidth
                                                                                                                                                                  Annotation
                                                                                                                                                                  
+
                                                                                                                                                                  
-
@@ -212,32 +213,32 @@ spec:
 
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0652.html b/docs/cce/umn/cce_10_0652.html
index 0076d9130..8ae075729 100644
--- a/docs/cce/umn/cce_10_0652.html
+++ b/docs/cce/umn/cce_10_0652.html
@@ -4,768 +4,814 @@
 
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  The default node pool does not support the following management operations.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Configuration Management
                                                                                                                                                                  CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.
                                                                                                                                                                  
-
                                                                                                                                                                  This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Click Manage in the Operation column of the target node pool
                                                                                                                                                                  4. On the Manage Components page on the right, change the values of Kubernetes parameters.
                                                                                                                                                                    
-
                                                                                                                                                                  Table 3 Annotations of an EIP with a shared bandwidth
                                                                                                                                                                  Annotation
                                                                                                                                                                  
 
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
+
                                                                                                                                                                  Mandatory
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Default Value
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  yangtse.io/pod-with-eip
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/pod-with-eip
                                                                                                                                                                  
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
+
                                                                                                                                                                  Yes
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  false
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                                  
 
                                                                                                                                                                  false or true
                                                                                                                                                                  
+
                                                                                                                                                                  false or true
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-network-type
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-network-type
                                                                                                                                                                  
 
                                                                                                                                                                  No
                                                                                                                                                                  
+
                                                                                                                                                                  No
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  5_bgp
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  EIP type
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  • 5_bgp
                                                                                                                                                                  
-
                                                                                                                                                                  The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                  
+
                                                                                                                                                                  The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  yangtse.io/eip-bandwidth-id
                                                                                                                                                                  
+
                                                                                                                                                                  yangtse.io/eip-bandwidth-id
                                                                                                                                                                  
 
                                                                                                                                                                  Mandatory when a shared bandwidth is used
                                                                                                                                                                  
+
                                                                                                                                                                  Mandatory when a shared bandwidth is used
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  None
                                                                                                                                                                  
 
                                                                                                                                                                  Table 1 kubelet
                                                                                                                                                                  Item
                                                                                                                                                                  
+
                                                                                                                                                                  This function is supported only in clusters of v1.15 or later. It is not displayed for versions earlier than v1.15.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Locate the row containing the target node pool and choose More > Manage.
                                                                                                                                                                  4. On the Manage Configurations page on the right, modify node pool parameter setting.
                                                                                                                                                                    The following parameters can be configured for a node pool:
+
                                                                                                                                                                    
+
                                                                                                                                                                  5. Click OK.
                                                                                                                                                                  
+
+
                                                                                                                                                                  kubelet
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Item
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
 
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  CPU management policy
                                                                                                                                                                  
+
                                                                                                                                                                  CPU management policy
                                                                                                                                                                  
 
                                                                                                                                                                  cpu-manager-policy
                                                                                                                                                                  
+
                                                                                                                                                                  cpu-manager-policy
                                                                                                                                                                  
 
                                                                                                                                                                  CPU management policy configuration. For details, see CPU Scheduling.
                                                                                                                                                                  
-
                                                                                                                                                                  • none: disables pods from exclusively occupying CPUs. Select this value if you want a large pool of shareable CPU cores.
                                                                                                                                                                  • static: enables pods to exclusively occupy CPUs. Select this value if your workload is sensitive to latency in CPU cache and scheduling.
                                                                                                                                                                  
-
                                                                                                                                                                  • enhanced-static: allows burstable pods to preferentially use CPU cores. Select this value if your workload has huge peak-trough difference and is in the trough state most of the time.
                                                                                                                                                                  
+
                                                                                                                                                                  CPU management policy configuration. For details, see CPU Scheduling.
                                                                                                                                                                  
+
                                                                                                                                                                  • none: disables pods from exclusively occupying CPUs. Select this value if you want a large pool of shareable CPU cores.
                                                                                                                                                                  • static: enables pods to exclusively occupy CPUs. Select this value if your workload is sensitive to latency in CPU cache and scheduling.
                                                                                                                                                                  
+
                                                                                                                                                                  • enhanced-static: allows burstable pods to preferentially use CPU cores. Select this value if your workload has huge peak-trough difference and is in the trough state most of the time.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: none
                                                                                                                                                                  
+
                                                                                                                                                                  Default: none
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  QPS for requests to kube-apiserver
                                                                                                                                                                  
+
                                                                                                                                                                  QPS for requests to kube-apiserver
                                                                                                                                                                  
 
                                                                                                                                                                  kube-api-qps
                                                                                                                                                                  
+
                                                                                                                                                                  kube-api-qps
                                                                                                                                                                  
 
                                                                                                                                                                  Number of queries per second for communication with the API server.
                                                                                                                                                                  
+
                                                                                                                                                                  Number of queries per second for communication with the API server.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 100
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 100
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Burst for requests to kube-apiserver
                                                                                                                                                                  
+
                                                                                                                                                                  Burst for requests to kube-apiserver
                                                                                                                                                                  
 
                                                                                                                                                                  kube-api-burst
                                                                                                                                                                  
+
                                                                                                                                                                  kube-api-burst
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of burst requests sent to the API server per second.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of burst requests sent to the API server per second.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 100
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 100
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Limit on the pods managed by kubelet
                                                                                                                                                                  
+
                                                                                                                                                                  Limit on the pods managed by kubelet
                                                                                                                                                                  
 
                                                                                                                                                                  max-pods
                                                                                                                                                                  
+
                                                                                                                                                                  max-pods
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of pods that can run on a node.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of pods that can run on a node.
                                                                                                                                                                  
                                                                                                                                                                   		
+
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Limited number of processes in a pod
                                                                                                                                                                  
+
                                                                                                                                                                  Limited number of processes in a pod
                                                                                                                                                                  
 
                                                                                                                                                                  pod-pids-limit
                                                                                                                                                                  
+
                                                                                                                                                                  pod-pids-limit
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of PIDs that can be used in each pod.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of PIDs that can be used in each pod.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: -1, which indicates that the number of PIDs is not limited
                                                                                                                                                                  
+
                                                                                                                                                                  Default: -1, which indicates that the number of PIDs is not limited
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Whether to use a local IP address as a node's ClusterDNS
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to use a local IP address as a node's ClusterDNS
                                                                                                                                                                  
 
                                                                                                                                                                  with-local-dns
                                                                                                                                                                  
+
                                                                                                                                                                  with-local-dns
                                                                                                                                                                  
 
                                                                                                                                                                  The default ENI IP address of the node will be automatically added to the node's kubelet configuration as the preferred DNS address.
                                                                                                                                                                  
+
                                                                                                                                                                  The default ENI IP address of the node will be automatically added to the node's kubelet configuration as the preferred DNS address.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: false
                                                                                                                                                                  
+
                                                                                                                                                                  Default: false
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  QPS limit on creating events
                                                                                                                                                                  
+
                                                                                                                                                                  QPS limit on creating events
                                                                                                                                                                  
 
                                                                                                                                                                  event-qps
                                                                                                                                                                  
+
                                                                                                                                                                  event-qps
                                                                                                                                                                  
 
                                                                                                                                                                  Number of events that can be generated per second.
                                                                                                                                                                  
+
                                                                                                                                                                  Number of events that can be generated per second.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 5
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 5
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Upper Limit for Burst Events
                                                                                                                                                                  
+
                                                                                                                                                                  Upper Limit for Burst Events
                                                                                                                                                                  
 
                                                                                                                                                                  event-burst
                                                                                                                                                                  
+
                                                                                                                                                                  event-burst
                                                                                                                                                                  
 
                                                                                                                                                                  Upper limit for burst event creation. The number of burst events can be temporarily increased to the specified value.
                                                                                                                                                                  
+
                                                                                                                                                                  Upper limit for burst event creation. The number of burst events can be temporarily increased to the specified value.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Allowed unsafe sysctls
                                                                                                                                                                  
+
                                                                                                                                                                  Allowed unsafe sysctls
                                                                                                                                                                  
 
                                                                                                                                                                  allowed-unsafe-sysctls
                                                                                                                                                                  
+
                                                                                                                                                                  allowed-unsafe-sysctls
                                                                                                                                                                  
 
                                                                                                                                                                  Insecure system configuration allowed.
                                                                                                                                                                  
-
                                                                                                                                                                  Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.
                                                                                                                                                                  
+
                                                                                                                                                                  Insecure system configuration allowed.
                                                                                                                                                                  
+
                                                                                                                                                                  Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: []
                                                                                                                                                                  
+
                                                                                                                                                                  Default: []
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Node oversubscription
                                                                                                                                                                  
+
                                                                                                                                                                  Node oversubscription
                                                                                                                                                                  
 
                                                                                                                                                                  over-subscription-resource
                                                                                                                                                                  
+
                                                                                                                                                                  over-subscription-resource
                                                                                                                                                                  
 
                                                                                                                                                                  Whether to enable node oversubscription.
                                                                                                                                                                  
-
                                                                                                                                                                  If this parameter is set to true, node oversubscription is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to enable node oversubscription.
                                                                                                                                                                  
+
                                                                                                                                                                  If this parameter is set to true, node oversubscription is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                  
 
                                                                                                                                                                  • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                                                                  • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                                                                  
+
                                                                                                                                                                  • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                                                                  • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Hybrid deployment
                                                                                                                                                                  
+
                                                                                                                                                                  Hybrid deployment
                                                                                                                                                                  
 
                                                                                                                                                                  colocation
                                                                                                                                                                  
+
                                                                                                                                                                  colocation
                                                                                                                                                                  
 
                                                                                                                                                                  Whether to enable hybrid deployment on nodes.
                                                                                                                                                                  
-
                                                                                                                                                                  If this parameter is set to true, hybrid deployment is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to enable hybrid deployment on nodes.
                                                                                                                                                                  
+
                                                                                                                                                                  If this parameter is set to true, hybrid deployment is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                  
 
                                                                                                                                                                  • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                                                                  • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                                                                  
+
                                                                                                                                                                  • For clusters of versions earlier than v1.23.9-r0 or v1.25.4-r0: enabled (true) by default
                                                                                                                                                                  • Disabled by default if the cluster version is v1.23.9-r0, v1.25.4-r0, v1.27-r0, or later
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Topology management policy
                                                                                                                                                                  
+
                                                                                                                                                                  Topology management policy
                                                                                                                                                                  
 
                                                                                                                                                                  topology-manager-policy
                                                                                                                                                                  
+
                                                                                                                                                                  topology-manager-policy
                                                                                                                                                                  
 
                                                                                                                                                                  Set the topology management policy.
                                                                                                                                                                  
-
                                                                                                                                                                  Valid values are as follows:
                                                                                                                                                                  
-
                                                                                                                                                                  • restricted: kubelet accepts only pods that achieve optimal NUMA alignment on the requested resources.
                                                                                                                                                                  • best-effort: kubelet preferentially selects pods that implement NUMA alignment on CPU and device resources.
                                                                                                                                                                  • none (default): The topology management policy is disabled.
                                                                                                                                                                  • single-numa-node: kubelet allows only pods that are aligned to the same NUMA node in terms of CPU and device resources.
                                                                                                                                                                  
+
                                                                                                                                                                  Set the topology management policy.
                                                                                                                                                                  
+
                                                                                                                                                                  Valid values are as follows:
                                                                                                                                                                  
+
                                                                                                                                                                  • restricted: kubelet accepts only pods that achieve optimal NUMA alignment on the requested resources.
                                                                                                                                                                  • best-effort: kubelet preferentially selects pods that implement NUMA alignment on CPU and device resources.
                                                                                                                                                                  • none (default): The topology management policy is disabled.
                                                                                                                                                                  • single-numa-node: kubelet allows only pods that are aligned to the same NUMA node in terms of CPU and device resources.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: none
                                                                                                                                                                  
+
                                                                                                                                                                  Default: none
                                                                                                                                                                  
 
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  Modifying topology-manager-policy and topology-manager-scope will restart kubelet, and the resource allocation of pods will be recalculated based on the modified policy. In this case, running pods may restart or even fail to receive any resources.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  Modifying topology-manager-policy and topology-manager-scope will restart kubelet, and the resource allocation of pods will be recalculated based on the modified policy. In this case, running pods may restart or even fail to receive any resources.
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Topology management scope
                                                                                                                                                                  
+
                                                                                                                                                                  Topology management scope
                                                                                                                                                                  
 
                                                                                                                                                                  topology-manager-scope
                                                                                                                                                                  
+
                                                                                                                                                                  topology-manager-scope
                                                                                                                                                                  
 
                                                                                                                                                                  Configure the resource alignment granularity of the topology management policy. Valid values are as follows:
                                                                                                                                                                  
-
                                                                                                                                                                  • container (default)
                                                                                                                                                                  • pod
                                                                                                                                                                  
+
                                                                                                                                                                  Configure the resource alignment granularity of the topology management policy. Valid values are as follows:
                                                                                                                                                                  
+
                                                                                                                                                                  • container (default)
                                                                                                                                                                  • pod
                                                                                                                                                                  
 
                                                                                                                                                                  Default: container
                                                                                                                                                                  
+
                                                                                                                                                                  Default: container
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Specified DNS configuration file
                                                                                                                                                                  
+
                                                                                                                                                                  Specified DNS configuration file
                                                                                                                                                                  
 
                                                                                                                                                                  resolv-conf
                                                                                                                                                                  
+
                                                                                                                                                                  resolv-conf
                                                                                                                                                                  
 
                                                                                                                                                                  DNS resolution configuration file specified by the container
                                                                                                                                                                  
+
                                                                                                                                                                  DNS resolution configuration file specified by the container
                                                                                                                                                                  
 
                                                                                                                                                                  Default: null
                                                                                                                                                                  
+
                                                                                                                                                                  Default: null
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Timeout for all runtime requests except long-running requests
                                                                                                                                                                  
+
                                                                                                                                                                  Timeout for all runtime requests except long-running requests
                                                                                                                                                                  
 
                                                                                                                                                                  runtime-request-timeout
                                                                                                                                                                  
+
                                                                                                                                                                  runtime-request-timeout
                                                                                                                                                                  
 
                                                                                                                                                                  Timeout interval of all runtime requests except long-running requests (pull, logs, exec, and attach).
                                                                                                                                                                  
+
                                                                                                                                                                  Timeout interval of all runtime requests except long-running requests (pull, logs, exec, and attach).
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 2m0s
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 2m0s
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Whether to allow kubelet to pull only one image at a time
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to allow kubelet to pull only one image at a time
                                                                                                                                                                  
 
                                                                                                                                                                  serialize-image-pulls
                                                                                                                                                                  
+
                                                                                                                                                                  serialize-image-pulls
                                                                                                                                                                  
 
                                                                                                                                                                  Pull an image in serial mode.
                                                                                                                                                                  
-
                                                                                                                                                                  • false: recommended configuration so that an image can be pulled in parallel mode to improve pod startup.
                                                                                                                                                                  • true: allows images to be pulled in serial mode.
                                                                                                                                                                  
+
                                                                                                                                                                  Pull an image in serial mode.
                                                                                                                                                                  
+
                                                                                                                                                                  • false: recommended configuration so that an image can be pulled in parallel mode to improve pod startup.
                                                                                                                                                                  • true: allows images to be pulled in serial mode.
                                                                                                                                                                  
 
                                                                                                                                                                  • Enabled by default if the cluster version is earlier than v1.21.12-r0, v1.23.11-r0, v1.27.3-r0 or v1.25.6-r0
                                                                                                                                                                  • Disabled by default if the cluster version is v1.21.12-r0, v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                                                                  
+
                                                                                                                                                                  • Enabled by default if the cluster version is earlier than v1.21.12-r0, v1.23.11-r0, v1.27.3-r0 or v1.25.6-r0
                                                                                                                                                                  • Disabled by default if the cluster version is v1.21.12-r0, v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Image repository pull limit per second
                                                                                                                                                                  
+
                                                                                                                                                                  Image repository pull limit per second
                                                                                                                                                                  
 
                                                                                                                                                                  registry-pull-qps
                                                                                                                                                                  
+
                                                                                                                                                                  registry-pull-qps
                                                                                                                                                                  
 
                                                                                                                                                                  QPS upper limit of an image repository.
                                                                                                                                                                  
+
                                                                                                                                                                  QPS upper limit of an image repository.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 5
                                                                                                                                                                  
-
                                                                                                                                                                  The value ranges from 1 to 50.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 5
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 50
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Upper limit of burst image pull
                                                                                                                                                                  
+
                                                                                                                                                                  Upper limit of burst image pull
                                                                                                                                                                  
 
                                                                                                                                                                  registry-burst
                                                                                                                                                                  
+
                                                                                                                                                                  registry-burst
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of burst image pulls.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of burst image pulls.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
-
                                                                                                                                                                  The value ranges from 1 to 100 and must be greater than or equal to the value of registry-pull-qps.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
+
                                                                                                                                                                  The value ranges from 1 to 100 and must be greater than or equal to the value of registry-pull-qps.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.21.10-r0, v1.23.8-r0, v1.25.3-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Maximum Number of Container Log Files
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum Number of Container Log Files
                                                                                                                                                                  
 
                                                                                                                                                                  container-log-max-files
                                                                                                                                                                  
+
                                                                                                                                                                  container-log-max-files
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of container log files. When the number of existing log files exceeds this value, the earliest log file will be deleted to release space for new log files.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of container log files. When the number of existing log files exceeds this value, the earliest log file will be deleted to release space for new log files.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 2 to 100
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 2 to 100
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Maximum Container Log File Size
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum Container Log File Size
                                                                                                                                                                  
 
                                                                                                                                                                  container-log-max-size
                                                                                                                                                                  
+
                                                                                                                                                                  container-log-max-size
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum size of a single container log file. When the size of a log file reaches this value, the current log file will be closed and a new log file will be created to continue logging.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum size of a single container log file. When the size of a log file reaches this value, the current log file will be closed and a new log file will be created to continue logging.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 50
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1 to 4096
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 50
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 4096
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Upper Limit for Image Garbage Collection
                                                                                                                                                                  
+
                                                                                                                                                                  Upper Limit for Image Garbage Collection
                                                                                                                                                                  
 
                                                                                                                                                                  image-gc-high-threshold
                                                                                                                                                                  
+
                                                                                                                                                                  image-gc-high-threshold
                                                                                                                                                                  
 
                                                                                                                                                                  When the kubelet disk usage reaches this value, kubelet starts to collect image garbage.
                                                                                                                                                                  
+
                                                                                                                                                                  When the kubelet disk usage reaches this value, kubelet starts to collect image garbage.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 80
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1 to 100
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 80
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 100
                                                                                                                                                                  
 
                                                                                                                                                                  To disable image garbage collection, set this parameter to 100.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  To disable image garbage collection, set this parameter to 100.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Lower Limit for Image Garbage Collection
                                                                                                                                                                  
+
                                                                                                                                                                  Lower Limit for Image Garbage Collection
                                                                                                                                                                  
 
                                                                                                                                                                  image-gc-low-threshold
                                                                                                                                                                  
+
                                                                                                                                                                  image-gc-low-threshold
                                                                                                                                                                  
 
                                                                                                                                                                  When the disk usage reduces to this value, image garbage collection stops.
                                                                                                                                                                  
+
                                                                                                                                                                  When the disk usage reduces to this value, image garbage collection stops.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 70
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1 to 100
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 70
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 100
                                                                                                                                                                  
 
                                                                                                                                                                  The value of this parameter cannot be greater than the upper limit for image garbage collection.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  The value of this parameter cannot be greater than the upper limit for image garbage collection.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Node memory reservation
                                                                                                                                                                  
+
                                                                                                                                                                  Node memory reservation
                                                                                                                                                                  
 
                                                                                                                                                                  system-reserved-mem
                                                                                                                                                                  
+
                                                                                                                                                                  system-reserved-mem
                                                                                                                                                                  
 
                                                                                                                                                                  System memory reservation reserves memory resources for OS system daemons such as sshd and udev.
                                                                                                                                                                  
+
                                                                                                                                                                  System memory reservation reserves memory resources for OS system daemons such as sshd and udev.
                                                                                                                                                                  
 
                                                                                                                                                                  Default value: automatically calculated, which varies depending on node flavors. For details, see Node Resource Reservation Policy.
                                                                                                                                                                  
+
                                                                                                                                                                  Default value: automatically calculated, which varies depending on node flavors. For details, see Node Resource Reservation Policy.
                                                                                                                                                                  
 
                                                                                                                                                                  The sum of kube-reserved-mem and system-reserved-mem must be less than 50% of the minimum memory of nodes in the node pool.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  The sum of kube-reserved-mem and system-reserved-mem must be less than 50% of the minimum memory of nodes in the node pool.
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  kube-reserved-mem
                                                                                                                                                                  
+
                                                                                                                                                                  kube-reserved-mem
                                                                                                                                                                  
 
                                                                                                                                                                  Kubernetes memory reservation reserves memory resources for Kubernetes daemons such kubelet and container runtime.
                                                                                                                                                                  
+
                                                                                                                                                                  Kubernetes memory reservation reserves memory resources for Kubernetes daemons such kubelet and container runtime.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Hard eviction
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  Hard eviction
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  memory.available
                                                                                                                                                                  
+
                                                                                                                                                                  memory.available
                                                                                                                                                                  
 
                                                                                                                                                                  Available memory on a node.
                                                                                                                                                                  
+
                                                                                                                                                                  Available memory on a node.
                                                                                                                                                                  
 
                                                                                                                                                                  The value is fixed at 100 MiB.
                                                                                                                                                                  
+
                                                                                                                                                                  The value is fixed at 100 MiB.
                                                                                                                                                                  
 
                                                                                                                                                                  For details, see Node-pressure Eviction.
                                                                                                                                                                  
-
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  Exercise caution when modifying an eviction configuration item. Improper configuration may cause pods to be frequently evicted or fail to be evicted when the node is overloaded.
                                                                                                                                                                  
+
                                                                                                                                                                  For details, see Node-pressure Eviction.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  Exercise caution when modifying an eviction configuration item. Improper configuration may cause pods to be frequently evicted or fail to be evicted when the node is overloaded.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  kubelet can identify the following specific file system identifiers:
                                                                                                                                                                  
-
                                                                                                                                                                  • nodefs: main file system of a node. It is used for local disk volumes, emptyDir volumes that are not supported by memory, and log storage. For example, nodefs contains /var/lib/kubelet/.
                                                                                                                                                                  • imagefs: file system partition used by a container engine.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  kubelet can identify the following specific file system identifiers:
                                                                                                                                                                  
+
                                                                                                                                                                  • nodefs: main file system of a node. It is used for local disk volumes, emptyDir volumes that are not supported by memory, and log storage. For example, nodefs contains /var/lib/kubelet/.
                                                                                                                                                                  • imagefs: file system partition used by a container engine.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  nodefs.available
                                                                                                                                                                  
+
                                                                                                                                                                  nodefs.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by kubelet.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by kubelet.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  nodefs.inodesFree
                                                                                                                                                                  
+
                                                                                                                                                                  nodefs.inodesFree
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of available inodes in the filesystem used by kubelet.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of available inodes in the filesystem used by kubelet.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 5%
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 5%
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  imagefs.available
                                                                                                                                                                  
+
                                                                                                                                                                  imagefs.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  imagefs.inodesFree
                                                                                                                                                                  
+
                                                                                                                                                                  imagefs.inodesFree
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  pid.available
                                                                                                                                                                  
+
                                                                                                                                                                  pid.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of allocatable PIDs reserved for pods.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of allocatable PIDs reserved for pods.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10%
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Soft eviction
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  Soft eviction
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  memory.available
                                                                                                                                                                  
+
                                                                                                                                                                  memory.available
                                                                                                                                                                  
 
                                                                                                                                                                  Available memory on a node.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Available memory on a node.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 100 to 1000000
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 100 to 1000000
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  nodefs.available
                                                                                                                                                                  
+
                                                                                                                                                                  nodefs.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by kubelet.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by kubelet.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  nodefs.inodesFree
                                                                                                                                                                  
+
                                                                                                                                                                  nodefs.inodesFree
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of available inodes in the filesystem used by kubelet.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of available inodes in the filesystem used by kubelet.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  imagefs.available
                                                                                                                                                                  
+
                                                                                                                                                                  imagefs.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of the available capacity in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  imagefs.inodesFree
                                                                                                                                                                  
+
                                                                                                                                                                  imagefs.inodesFree
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of available inodes in the filesystem used by container runtimes to store resources such as images.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  pid.available
                                                                                                                                                                  
+
                                                                                                                                                                  pid.available
                                                                                                                                                                  
 
                                                                                                                                                                  Percentage of allocatable PIDs reserved for pods.
                                                                                                                                                                  
-
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
+
                                                                                                                                                                  Percentage of allocatable PIDs reserved for pods.
                                                                                                                                                                  
+
                                                                                                                                                                  The value must be greater than the hard eviction value of the same parameter, and the eviction grace period (evictionSoftGracePeriod) must be configured accordingly.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1% to 99%
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
-
                                                                                                                                                                  Table 2 kube-proxy
                                                                                                                                                                  Item
                                                                                                                                                                  
+
+
                                                                                                                                                                  kube-proxy
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Item
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
 
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of connection tracking entries
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of connection tracking entries
                                                                                                                                                                  
 
                                                                                                                                                                  conntrack-min
                                                                                                                                                                  
+
                                                                                                                                                                  conntrack-min
                                                                                                                                                                  
 
                                                                                                                                                                  Maximum number of connection tracking entries
                                                                                                                                                                  
-
                                                                                                                                                                  To obtain the value, run the following command:
                                                                                                                                                                  
-
                                                                                                                                                                  sysctl -w net.nf_conntrack_max
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of connection tracking entries
                                                                                                                                                                  
+
                                                                                                                                                                  To obtain the value, run the following command:
                                                                                                                                                                  
+
                                                                                                                                                                  sysctl -w net.nf_conntrack_max
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 131072
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 131072
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Wait time of a closed TCP connection
                                                                                                                                                                  
+
                                                                                                                                                                  Wait time of a closed TCP connection
                                                                                                                                                                  
 
                                                                                                                                                                  conntrack-tcp-timeout-close-wait
                                                                                                                                                                  
+
                                                                                                                                                                  conntrack-tcp-timeout-close-wait
                                                                                                                                                                  
 
                                                                                                                                                                  Wait time of a closed TCP connection
                                                                                                                                                                  
-
                                                                                                                                                                  To obtain the value, run the following command:
                                                                                                                                                                  
-
                                                                                                                                                                  sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                                                                  
+
                                                                                                                                                                  Wait time of a closed TCP connection
                                                                                                                                                                  
+
                                                                                                                                                                  To obtain the value, run the following command:
                                                                                                                                                                  
+
                                                                                                                                                                  sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 1h0m0s
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 1h0m0s
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
-
                                                                                                                                                                  Table 3 Network components (available only for CCE Turbo clusters)
                                                                                                                                                                  Item
                                                                                                                                                                  
+
+
                                                                                                                                                                  Docker (Available Only for Docker Node Pools)
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                  Item
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
 
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Node pool ENI pre-binding
                                                                                                                                                                  
+
                                                                                                                                                                  Container umask
                                                                                                                                                                  
 
                                                                                                                                                                  enable-node-nic-configuration
                                                                                                                                                                  
+
                                                                                                                                                                  native-umask
                                                                                                                                                                  
 
                                                                                                                                                                  Whether to enable ENI pre-binding in a node pool.
                                                                                                                                                                  
+
                                                                                                                                                                  The default value normal indicates that the umask value of the started container is 0022.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: false
                                                                                                                                                                  
+
                                                                                                                                                                  Default: normal
                                                                                                                                                                  
 
                                                                                                                                                                  After network component configuration is disabled in a node pool, the dynamic container ENI pre-binding parameter settings of the node pool are the same as those of cluster-level parameter settings.
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  ENI threshold
                                                                                                                                                                  
+
                                                                                                                                                                  Available data space for a single container
                                                                                                                                                                  
 
                                                                                                                                                                  nic-threshold
                                                                                                                                                                  
+
                                                                                                                                                                  docker-base-size
                                                                                                                                                                  
 
                                                                                                                                                                  Low threshold of the number of bound ENIs: High threshold of the number of bound ENIs
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum data space that can be used by each container.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 0:0
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 0
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
+
                                                                                                                                                                  Insecure image source address
                                                                                                                                                                  
+
                                                                                                                                                                  insecure-registry
                                                                                                                                                                  
+
                                                                                                                                                                  Whether an insecure image source address can be used.
                                                                                                                                                                  
+
                                                                                                                                                                  false
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum size of a container core file
                                                                                                                                                                  
+
                                                                                                                                                                  limitcore
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                  
+
                                                                                                                                                                  If not specified, the value is infinity.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 5368709120
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  Limit on the number of handles in a container
                                                                                                                                                                  
+
                                                                                                                                                                  default-ulimit-nofile
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of handles that can be used in a container.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: {soft}:{hard}
                                                                                                                                                                  
+
                                                                                                                                                                  The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                  
+
                                                                                                                                                                  You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                  
+
                                                                                                                                                                  sysctl -a | grep nr_open
                                                                                                                                                                  
+
                                                                                                                                                                  Image pull timeout
                                                                                                                                                                  
+
                                                                                                                                                                  image-pull-progress-timeout
                                                                                                                                                                  
+
                                                                                                                                                                  If the image fails to be pulled before time outs, the image pull will be canceled.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 1m0s
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is supported in v1.25.3-r0 and later.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  containerd (Available Only for containerd Node Pools)
                                                                                                                                                                  
+
                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Item
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum size of a container core file
                                                                                                                                                                  
+
                                                                                                                                                                  limitcore
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                  
+
                                                                                                                                                                  If not specified, the value is infinity.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 5368709120
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  Limit on the number of handles in a container
                                                                                                                                                                  
+
                                                                                                                                                                  default-ulimit-nofile
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of handles that can be used in a container.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 1048576
                                                                                                                                                                  
+
                                                                                                                                                                  The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                  
+
                                                                                                                                                                  You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                  
+
                                                                                                                                                                  sysctl -a | grep nr_open
                                                                                                                                                                  
+
                                                                                                                                                                  Image pull timeout
                                                                                                                                                                  
+
                                                                                                                                                                  image-pull-progress-timeout
                                                                                                                                                                  
+
                                                                                                                                                                  If the image fails to be pulled before time outs, the image pull will be canceled.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 1m0s
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is supported in v1.25.3-r0 and later.
                                                                                                                                                                  
+
                                                                                                                                                                  Verification on insure skips
                                                                                                                                                                  
+
                                                                                                                                                                  insecure_skip_verify
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to skip repository certificate verification.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: false
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum Number of Concurrent Requests for Downloading an Image at a Time
                                                                                                                                                                  
+
                                                                                                                                                                  max-concurrent-downloads
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter specifies the maximum number of concurrent requests for downloading an image at a time.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 3
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 20
                                                                                                                                                                  
+
                                                                                                                                                                  If this parameter is set to a large value, the network performance of other services on the node may be affected or the disk I/O and CPU usage may increase.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum Container Log Line Size
                                                                                                                                                                  
+
                                                                                                                                                                  max-container-log-line-size
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum log line size of a container, in the unit of bytes. The log lines exceeding the limit will be split into multiple lines.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 16384
                                                                                                                                                                  
+
                                                                                                                                                                  Value range: 1 to 2097152
                                                                                                                                                                  
+
                                                                                                                                                                  A larger value will lead to more containerd memory consumption.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                  Modify Image Repository Configuration
                                                                                                                                                                  
+
                                                                                                                                                                  registry-mirrors
                                                                                                                                                                  
+
                                                                                                                                                                  You can configure one or multiple substitute image repositories to be selected when obtaining images from the container runtime.
                                                                                                                                                                  
+
                                                                                                                                                                  If you do not specify this parameter, the docker.io image repository will be used by default, and the SWR image repository will be used as a substitute.
                                                                                                                                                                  
+
                                                                                                                                                                  An image repository must be an IP address or domain name. A substitute image repository must be an IP address or domain name starting with http:// or https://.
                                                                                                                                                                  
+
                                                                                                                                                                  • Add local image repositories for faster image pulling.
                                                                                                                                                                  • Configure multiple image repositories for higher fault tolerance and availability.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTICE: 
                                                                                                                                                                  If the image repository or its substitute is configured incorrectly, containers may not be able to pull the necessary image.
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Minimum number of ENIs bound to a node in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  Certificate Authentication Skipped Image Repository
                                                                                                                                                                  
 
                                                                                                                                                                  nic-minimum-target
                                                                                                                                                                  
+
                                                                                                                                                                  insecure-registries
                                                                                                                                                                  
 
                                                                                                                                                                  Minimum number of container ENIs bound to a node.
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value must be a positive integer. The value 10 indicates that at least 10 container ENIs must be bound to a node. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  When you specify image repositories, you can bypass security certificate-based authentication. This is typically done to connect to an insecure or self-signed image repository.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is left blank by default.
                                                                                                                                                                  
+
                                                                                                                                                                  Enter an IP address or domain name.
                                                                                                                                                                  
 
                                                                                                                                                                  Configure these parameters based on the number of pods typically running on most nodes.
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum number of ENIs pre-bound to a node in a node pool
                                                                                                                                                                  
-
                                                                                                                                                                  nic-maximum-target
                                                                                                                                                                  
-
                                                                                                                                                                  After the number of ENIs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind ENIs.
                                                                                                                                                                  
-
                                                                                                                                                                  Checking the upper limit of pre-bound container ENIs is enabled only when the value of this parameter is greater than or equal to the minimum number of container ENIs (nic-minimum-target) bound to a node.
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value must be a positive integer. The value 0 indicates that checking the upper limit of pre-bound container ENIs is disabled. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 0
                                                                                                                                                                  
-
                                                                                                                                                                  Configure these parameters based on the maximum number of pods running on most nodes.
                                                                                                                                                                  
-
                                                                                                                                                                  Number of ENIs dynamically pre-bound to a node in a node pool
                                                                                                                                                                  
-
                                                                                                                                                                  nic-warm-target
                                                                                                                                                                  
-
                                                                                                                                                                  Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.
                                                                                                                                                                  
-
                                                                                                                                                                  When the sum of the nic-warm-target value and the number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 2
                                                                                                                                                                  
-
                                                                                                                                                                  Set the parameter value to the number of pods that can be scaled out instantaneously within 10 seconds on most nodes.
                                                                                                                                                                  
-
                                                                                                                                                                  Threshold for reclaiming the ENIs pre-bound to a node in a node pool
                                                                                                                                                                  
-
                                                                                                                                                                  nic-max-above-warm-target
                                                                                                                                                                  
-
                                                                                                                                                                  Only when the difference between the number of idle ENIs on a node and the nic-warm-target value is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.
                                                                                                                                                                  
-
                                                                                                                                                                  • A large value will accelerate pod startup but slow down the unbinding of idle container ENIs and decrease the IP address usage. Exercise caution when performing this operation.
                                                                                                                                                                  • A small value will speed up the unbinding of idle container ENIs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 2
                                                                                                                                                                  
-
                                                                                                                                                                  Set the parameter value to the difference between the number of pods that are frequently scaled on most nodes within minutes and the number of pods that are instantly scaled out on most nodes within 10 seconds.
                                                                                                                                                                  
+
                                                                                                                                                                  • Use this function only in development or test environments, not in production environments.
                                                                                                                                                                  • Enable this option only when using a self-signed certificate or when attempting to access a private image repository that cannot obtain an authorized certificate.
                                                                                                                                                                  
+
                                                                                                                                                                  This parameter is available only in clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
-
                                                                                                                                                                  
+
+
+
-
@@ -120,7 +143,7 @@
 
@@ -129,7 +152,7 @@
 
@@ -154,16 +177,16 @@
 
-
-
-
-
-
@@ -81,7 +81,7 @@
 
@@ -237,7 +237,7 @@
 
@@ -287,7 +288,7 @@
 
                                                                                                                                                                  Table 4 Pod security group in a node pool (available only for CCE Turbo clusters)
                                                                                                                                                                  Item
                                                                                                                                                                  
+
+
                                                                                                                                                                  Networking Components (Available Only for CCE Turbo Clusters)
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                  Item
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
 
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Default security group used by pods in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  Node pool ENI pre-binding
                                                                                                                                                                  
 
                                                                                                                                                                  security_groups_for_nodepool
                                                                                                                                                                  
+
                                                                                                                                                                  enable-node-nic-configuration
                                                                                                                                                                  
 
                                                                                                                                                                  You can enter the security group ID. If this parameter is not configured, the default security group of the cluster container network will be used, and a maximum of five security group IDs that are separated by semicolons (;) can be specified at a time.
                                                                                                                                                                  
-
                                                                                                                                                                  The priority of the security group is lower than that of the security group configured for SecurityGroups.
                                                                                                                                                                  
+
                                                                                                                                                                  Whether to enable ENI pre-binding in a node pool.
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  Default: false
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
+
                                                                                                                                                                  After network component configuration is disabled in a node pool, the dynamic container ENI pre-binding parameter settings of the node pool are the same as those of cluster-level parameter settings.
                                                                                                                                                                  
+
                                                                                                                                                                  ENI threshold
                                                                                                                                                                  
+
                                                                                                                                                                  nic-threshold
                                                                                                                                                                  
+
                                                                                                                                                                  Low threshold of the number of bound ENIs: High threshold of the number of bound ENIs
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 0:0
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Minimum number of ENIs bound to a node in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  nic-minimum-target
                                                                                                                                                                  
+
                                                                                                                                                                  Minimum number of container ENIs bound to a node.
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value must be a positive integer. The value 10 indicates that at least 10 container ENIs must be bound to a node. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 10
                                                                                                                                                                  
+
                                                                                                                                                                  Configure these parameters based on the number of pods typically running on most nodes.
                                                                                                                                                                  
+
                                                                                                                                                                  Maximum number of ENIs pre-bound to a node in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  nic-maximum-target
                                                                                                                                                                  
+
                                                                                                                                                                  After the number of ENIs bound to a node exceeds the nic-maximum-target value, CCE will not proactively pre-bind ENIs.
                                                                                                                                                                  
+
                                                                                                                                                                  Checking the upper limit of pre-bound container ENIs is enabled only when the value of this parameter is greater than or equal to the minimum number of container ENIs (nic-minimum-target) bound to a node.
                                                                                                                                                                  
+
                                                                                                                                                                  The parameter value must be a positive integer. The value 0 indicates that checking the upper limit of pre-bound container ENIs is disabled. If the number you specified exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 0
                                                                                                                                                                  
+
                                                                                                                                                                  Configure these parameters based on the maximum number of pods running on most nodes.
                                                                                                                                                                  
+
                                                                                                                                                                  Number of ENIs dynamically pre-bound to a node in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  nic-warm-target
                                                                                                                                                                  
+
                                                                                                                                                                  Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.
                                                                                                                                                                  
+
                                                                                                                                                                  When the sum of the nic-warm-target value and the number of ENIs bound to the node is greater than the nic-maximum-target value, CCE will pre-bind the number of ENIs specified by the difference between the nic-maximum-target value and the current number of ENIs bound to the node.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 2
                                                                                                                                                                  
+
                                                                                                                                                                  Set the parameter value to the number of pods that can be scaled out instantaneously within 10 seconds on most nodes.
                                                                                                                                                                  
+
                                                                                                                                                                  Threshold for reclaiming the ENIs pre-bound to a node in a node pool
                                                                                                                                                                  
+
                                                                                                                                                                  nic-max-above-warm-target
                                                                                                                                                                  
+
                                                                                                                                                                  Only when the difference between the number of idle ENIs on a node and the nic-warm-target value is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.
                                                                                                                                                                  
+
                                                                                                                                                                  • A large value will accelerate pod startup but slow down the unbinding of idle container ENIs and decrease the IP address usage. Exercise caution when performing this operation.
                                                                                                                                                                  • A small value will speed up the unbinding of idle container ENIs and increase the IP address usage but will slow down pod startup, especially when a large number of pods increase instantaneously.
                                                                                                                                                                  
+
                                                                                                                                                                  Default: 2
                                                                                                                                                                  
+
                                                                                                                                                                  Set the parameter value to the difference between the number of pods that are frequently scaled on most nodes within minutes and the number of pods that are instantly scaled out on most nodes within 10 seconds.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
-
                                                                                                                                                                  
-
-
+
+
+
+
+
+
                                                                                                                                                                  Table 5 Docker (available only for node pools that use Docker)
                                                                                                                                                                  Item
                                                                                                                                                                  
+
+
                                                                                                                                                                  Pod Security Groups (Available Only for CCE Turbo Clusters)
                                                                                                                                                                  
+
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Item
                                                                                                                                                                  
 
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Parameter
                                                                                                                                                                  
 
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
 
                                                                                                                                                                  Value
                                                                                                                                                                  
+
                                                                                                                                                                  Value
                                                                                                                                                                  
 
                                                                                                                                                                  Modification
                                                                                                                                                                  
+
                                                                                                                                                                  Modification
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Container umask
                                                                                                                                                                  
+
                                                                                                                                                                  Default security group used by pods in a node pool
                                                                                                                                                                  
 
                                                                                                                                                                  native-umask
                                                                                                                                                                  
+
                                                                                                                                                                  security_groups_for_nodepool
                                                                                                                                                                  
 
                                                                                                                                                                  The default value normal indicates that the umask value of the started container is 0022.
                                                                                                                                                                  
+
                                                                                                                                                                  You can enter the security group ID. If this parameter is not configured, the default security group of the cluster container network will be used, and a maximum of five security group IDs that are separated by semicolons (;) can be specified at a time.
                                                                                                                                                                  
+
                                                                                                                                                                  The priority of the security group is lower than that of the security group configured for SecurityGroups.
                                                                                                                                                                  
 
                                                                                                                                                                  Default: normal
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
 
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
-
                                                                                                                                                                  Available data space for a single container
                                                                                                                                                                  
-
                                                                                                                                                                  docker-base-size
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum data space that can be used by each container.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 0
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
-
                                                                                                                                                                  Insecure image source address
                                                                                                                                                                  
-
                                                                                                                                                                  insecure-registry
                                                                                                                                                                  
-
                                                                                                                                                                  Whether an insecure image source address can be used.
                                                                                                                                                                  
-
                                                                                                                                                                  false
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum size of a container core file
                                                                                                                                                                  
-
                                                                                                                                                                  limitcore
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                  
-
                                                                                                                                                                  If not specified, the value is infinity.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 5368709120
                                                                                                                                                                  
-
                                                                                                                                                                  None
                                                                                                                                                                  
-
                                                                                                                                                                  Limit on the number of handles in a container
                                                                                                                                                                  
-
                                                                                                                                                                  default-ulimit-nofile
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum number of handles that can be used in a container.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: {soft}:{hard}
                                                                                                                                                                  
-
                                                                                                                                                                  The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                  
-
                                                                                                                                                                  You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                  
-
                                                                                                                                                                  sysctl -a | grep nr_open
                                                                                                                                                                  
-
                                                                                                                                                                  Image pull timeout
                                                                                                                                                                  
-
                                                                                                                                                                  image-pull-progress-timeout
                                                                                                                                                                  
-
                                                                                                                                                                  If the image fails to be pulled before time outs, the image pull will be canceled.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 1m0s
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is supported in v1.25.3-r0 and later.
                                                                                                                                                                  
+
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
-
                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                  Table 6 containerd (available only for node pools that use containerd)
                                                                                                                                                                  Item
                                                                                                                                                                  
-
                                                                                                                                                                  Parameter
                                                                                                                                                                  
-
                                                                                                                                                                  Description
                                                                                                                                                                  
-
                                                                                                                                                                  Value
                                                                                                                                                                  
-
                                                                                                                                                                  Modification
                                                                                                                                                                  
-
                                                                                                                                                                  Available data space for a single container
                                                                                                                                                                  
-
                                                                                                                                                                  devmapper-base-size
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum data space that can be used by each container.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 0
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum size of a container core file
                                                                                                                                                                  
-
                                                                                                                                                                  limitcore
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                  
-
                                                                                                                                                                  If not specified, the value is infinity.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 5368709120
                                                                                                                                                                  
-
                                                                                                                                                                  None
                                                                                                                                                                  
-
                                                                                                                                                                  Limit on the number of handles in a container
                                                                                                                                                                  
-
                                                                                                                                                                  default-ulimit-nofile
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum number of handles that can be used in a container.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 1048576
                                                                                                                                                                  
-
                                                                                                                                                                  The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                  
-
                                                                                                                                                                  You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                  
-
                                                                                                                                                                  sysctl -a | grep nr_open
                                                                                                                                                                  
-
                                                                                                                                                                  Image pull timeout
                                                                                                                                                                  
-
                                                                                                                                                                  image-pull-progress-timeout
                                                                                                                                                                  
-
                                                                                                                                                                  If the image fails to be pulled before time outs, the image pull will be canceled.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 1m0s
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is supported in v1.25.3-r0 and later.
                                                                                                                                                                  
-
                                                                                                                                                                  Verification on insure skips
                                                                                                                                                                  
-
                                                                                                                                                                  insecure_skip_verify
                                                                                                                                                                  
-
                                                                                                                                                                  Whether to skip repository certificate verification.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: false
                                                                                                                                                                  
-
                                                                                                                                                                  The parameter value cannot be changed.
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum Number of Concurrent Requests for Downloading an Image at a Time
                                                                                                                                                                  
-
                                                                                                                                                                  max-concurrent-downloads
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter specifies the maximum number of concurrent requests for downloading an image at a time.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 3
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1 to 20
                                                                                                                                                                  
-
                                                                                                                                                                  If this parameter is set to a large value, the network performance of other services on the node may be affected or the disk I/O and CPU usage may increase.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum Container Log Line Size
                                                                                                                                                                  
-
                                                                                                                                                                  max-container-log-line-size
                                                                                                                                                                  
-
                                                                                                                                                                  Maximum log line size of a container, in the unit of bytes. The log lines exceeding the limit will be split into multiple lines.
                                                                                                                                                                  
-
                                                                                                                                                                  Default: 16384
                                                                                                                                                                  
-
                                                                                                                                                                  Value range: 1 to 2097152
                                                                                                                                                                  
-
                                                                                                                                                                  A larger value will lead to more containerd memory consumption.
                                                                                                                                                                  
-
                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                4. Click OK.
                                                                                                                                                                  5. 
 
                                                                                                                                                                  
 
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0653.html b/docs/cce/umn/cce_10_0653.html
index 8f1b3011b..2da85ef45 100644
--- a/docs/cce/umn/cce_10_0653.html
+++ b/docs/cce/umn/cce_10_0653.html
@@ -29,25 +29,40 @@
 
                                                                                                                                                                  Specifications
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Select node specifications that best fit your service needs.
                                                                                                                                                                  
-
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  • If a node pool is configured with multiple node flavors, only the flavors (which can be located in different AZs) of the same node type are supported. For example, a node pool consisting of general computing-plus nodes supports only general computing-plus node flavors, but not the flavors of general computing nodes.
                                                                                                                                                                  • A maximum of 10 node flavors can be added to a node pool (the flavors in different AZs are counted separately). When adding a node flavor, you can choose multiple AZs, but you need to specify them.
                                                                                                                                                                  • Nodes in a newly created node pool are created using the default flavor. If the resources for the default flavor are insufficient, node creation will fail.
                                                                                                                                                                  • After a node pool is created, the flavors of existing nodes cannot be deleted.
                                                                                                                                                                  
-
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Container Engine
                                                                                                                                                                  
 
                                                                                                                                                                  The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping between Node OSs and Container Engines.
                                                                                                                                                                  
+
                                                                                                                                                                  The container engines supported by CCE include Docker and containerd, which may vary depending on cluster types, cluster versions, and OSs. Select a container engine based on the information displayed on the CCE console. For details, see Mapping Between Node OSs and Container Engines.
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  After the container engine is modified, the modification automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  OS
                                                                                                                                                                  
 
                                                                                                                                                                  Select an OS type. Different types of nodes support different OSs.
                                                                                                                                                                  • Public image: Select a public image for the node.
                                                                                                                                                                  
+
                                                                                                                                                                  Select an OS type. Different types of nodes support different OSs.
                                                                                                                                                                  • Public image: Select a public image for the node.
                                                                                                                                                                  • Private image: Select a private image for the node. 
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  • Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.
                                                                                                                                                                  • After the OS is modified, the modification automatically takes effect on newly added nodes. Manually reset existing nodes for the modification to take effect.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Edit Key Pair
                                                                                                                                                                  
+
                                                                                                                                                                  Node pools that require key pairs for login authentication allow for key pair editing. You can choose a different key pair.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  The changes made to the key pair will be applied automatically to any new nodes added. However, for existing nodes, you will need to manually reset them for the modifications to take effect.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  Modify Login Settings
                                                                                                                                                                  
+
                                                                                                                                                                  After this function is enabled, you can modify the node login mode.
                                                                                                                                                                  
+
                                                                                                                                                                  • Key Pair
                                                                                                                                                                    Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                    
+
                                                                                                                                                                    A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  The changes made to the key pair will be applied automatically to any new nodes added. However, for existing nodes, you will need to manually reset them for the modifications to take effect.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
                                                                                                                                                                   
 
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -70,17 +85,25 @@
 
                                                                                                                                                                  
 
 
                                                                                                                                                                  System Component Storage
                                                                                                                                                                  
+
                                                                                                                                                                  Select a disk for storing system components.
                                                                                                                                                                  
+
                                                                                                                                                                  • Data Disk: added for storing container runtime and kubelet components by default. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                                                                                                                  • System Disk: stores CCE resources such as downloaded images, ephemeral storage for containers, and container stdout logs. If the system disk is fully occupied, it will negatively affect the stability of the node.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  • In clusters of v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, or later, you can select a disk for storing system components. If CCE Node Problem Detector is used, ensure that its version is 1.19.2 or later.
                                                                                                                                                                  • Customizing the pod base size for a node pool will prevent you from changing System Component Storage to System Disk.
                                                                                                                                                                  • The modified System Component Storage setting automatically takes effect on new nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  Data Disk
                                                                                                                                                                  
 
                                                                                                                                                                  At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                                                                                                  
-
                                                                                                                                                                  • First data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                                  • Other data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                                  
+
                                                                                                                                                                  At least one data disk is required for the container runtime and kubelet components in clusters of a version earlier than v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, or v1.29.4-r0. This data disk cannot be deleted or detached. Otherwise, the node will be unavailable.
                                                                                                                                                                  • Default data disk: used for container runtime and kubelet components. The disk size ranges from 20 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                                  • Other common data disks: You can set the data disk size to a value ranging from 10 GiB to 32768 GiB. The default value is 100 GiB.
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  After the data disk configuration is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Advanced Settings
                                                                                                                                                                  
 
                                                                                                                                                                  Expand the area and configure the following parameters:
                                                                                                                                                                  
-
                                                                                                                                                                  • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                                                                                     NOTE: 
                                                                                                                                                                    After the data disk space allocation configuration is modified, the modification takes effect only for new nodes. The configuration cannot take effect for the existing nodes even if they are reset.
                                                                                                                                                                    
+
                                                                                                                                                                    • Data Disk Space Allocation: allocates space for container engines, images, and ephemeral storage for them to run properly. For details about how to allocate data disk space, see Space Allocation of a Data Disk.
                                                                                                                                                                       NOTE: 
                                                                                                                                                                      After the data disk space allocation configuration is modified, the modification takes effect only for new nodes. The configuration cannot take effect for the existing nodes even if they are reset.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Enabled: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                                                                      • Not encrypted is selected by default.
                                                                                                                                                                      • After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                                                                      
+
                                                                                                                                                                    • Enabled: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. 
                                                                                                                                                                      • Not encrypted is selected by default.
                                                                                                                                                                      • After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the key text box.
                                                                                                                                                                      
 
                                                                                                                                                                       NOTE: 
                                                                                                                                                                      After the Data Disk Encryption is modified, the modification takes effect only on newly added nodes. The configuration cannot be synchronized to existing nodes even if they are reset.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
@@ -110,8 +133,8 @@
 
                                                                                                                                                                  Resource Tag
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  You can add resource tags to classify resources.
                                                                                                                                                                  
-
                                                                                                                                                                  You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                                                  
-
                                                                                                                                                                  CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                                                                                  
+
                                                                                                                                                                  You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. 
                                                                                                                                                                  
+
                                                                                                                                                                  CCE will automatically create the "CCE-Dynamic-Provisioning-Node=Node ID" tag.
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  Modified resource tags automatically take effect on new nodes.
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  A key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add Label for more. A maximum of 20 labels can be added.
                                                                                                                                                                  
 
                                                                                                                                                                  Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                                                  
-
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  Modified Kubernetes labels automatically take effect on new nodes as well as existing nodes if Kubernetes labels is selected in Synchronization for Existing Nodes.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  Modified Kubernetes labels automatically take effect on new nodes as well as existing nodes if Kubernetes labels is selected in Synchronization for Existing Nodes.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  		
 
                                                                                                                                                                  This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                                                  • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                                                  • Value: A value must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
                                                                                                                                                                  • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  For details, see Managing Node Taints.
                                                                                                                                                                  
-
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  Modified taints automatically take effect on new nodes as well as existing nodes if Taints is selected in Synchronization for Existing Nodes.
                                                                                                                                                                  
+
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  Modified taints automatically take effect on new nodes as well as existing nodes if Taints is selected in Synchronization for Existing Nodes.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  		
 
                                                                                                                                                                  
 
 
                                                                                                                                                                  Edit key pair
                                                                                                                                                                  
+
                                                                                                                                                                  ECS Group
                                                                                                                                                                  
 
                                                                                                                                                                  Only node pools that use key pairs for login support key pair editing. You can select another key pair.
                                                                                                                                                                  
-
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  The edited key pair automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                                                                                                                                                                  
+
                                                                                                                                                                  Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.
                                                                                                                                                                  
+
                                                                                                                                                                  Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh icon.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Pre-installation Command
                                                                                                                                                                  
 
                                                                                                                                                                  Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                  
+
                                                                                                                                                                  Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                  
 
                                                                                                                                                                  The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  The modified pre-installation command automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -171,7 +194,7 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  Post-installation Command
                                                                                                                                                                  
 
                                                                                                                                                                  Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                  
+
                                                                                                                                                                  Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                  
 
                                                                                                                                                                  The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  The modified post-installation command automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                  
 
                                                                                                                                                                  
@@ -185,7 +208,7 @@
 
                                                                                                                                                                   		
 
                                                                                                                                                                  User-defined node name prefix and suffix
                                                                                                                                                                  
+
                                                                                                                                                                  Custom Prefix and Suffix
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Custom name prefix and suffix of a node in a node pool. After the configuration, the nodes in the node pool will be named with the configured prefix and suffix. For example, if the prefix is prefix- and the suffix is -suffix, the nodes in the node pool will be named in the format of "prefix-Node pool name with five-digit random characters-suffix".
                                                                                                                                                                  
 
                                                                                                                                                                  • A prefix and suffix can be customized only when a node pool is created, and they cannot be modified after the node pool is created.
                                                                                                                                                                  • A prefix can end with a special character, and a suffix can start with a special character.
                                                                                                                                                                  • A node name consists of a maximum of 56 characters in the format of "Prefix-Node pool name with five-digit random characters-Suffix".
                                                                                                                                                                  • A node name does not support the combination of a period (.) and special characters (such as .., .-, or -.).
                                                                                                                                                                  • This function is available only in clusters of v1.28.1, v1.27.3, v1.25.6, v1.23.11, v1.21.12, or later.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0656.html b/docs/cce/umn/cce_10_0656.html
index fe497fd76..6140b1d79 100644
--- a/docs/cce/umn/cce_10_0656.html
+++ b/docs/cce/umn/cce_10_0656.html
@@ -1,11 +1,61 @@
 
 
 
                                                                                                                                                                  Migrating a Node
                                                                                                                                                                  
-
                                                                                                                                                                  Nodes in a node pool can be migrated to the default node pool. Nodes in the default node pool or a custom node pool cannot be migrated to other custom node pools.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                                                                  3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                                                                  4. Click More > Migrate in the Operation column of the target node to migrate the node.
                                                                                                                                                                  5. In the displayed Migrate Node dialog box, confirm the information.
                                                                                                                                                                     
                                                                                                                                                                    • The migration does not affect custom resource tags, Kubernetes labels, and taints of the node.
                                                                                                                                                                    • After the migration, system labels cce.cloud.com and cce-nodepool on the node will be deleted. If an existing workload uses these labels for affinity or anti-affinity scheduling, the existing pods on the node will be stopped and rescheduled when kubelet is restarted.
                                                                                                                                                                    
+
                                                                                                                                                                    You can migrate nodes between node pools within a cluster. Table 1 lists migration scenarios.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 1 Migration scenarios
                                                                                                                                                                    Migration Scenario
                                                                                                                                                                    
+
                                                                                                                                                                    Migration
                                                                                                                                                                    
+
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Source Node Pool
                                                                                                                                                                    
+
                                                                                                                                                                    Target Node Pool
                                                                                                                                                                    
+
                                                                                                                                                                    Custom node pool
                                                                                                                                                                    
+
                                                                                                                                                                    Default node pool (DefaultPool)
                                                                                                                                                                    
+
                                                                                                                                                                    Supported
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating Nodes from a Custom Node Pool to the Default Node Pool
                                                                                                                                                                    
+
                                                                                                                                                                    Default node pool (DefaultPool)
                                                                                                                                                                    
+
                                                                                                                                                                    Custom node pool
                                                                                                                                                                    
+
                                                                                                                                                                    Supported by clusters of v1.23 or later
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating Nodes from the Default Node Pool to a Custom Node Pool
                                                                                                                                                                    
+
                                                                                                                                                                    Custom node pool
                                                                                                                                                                    
+
                                                                                                                                                                    Custom node pool
                                                                                                                                                                    
+
                                                                                                                                                                    Not supported
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating Nodes from a Custom Node Pool to the Default Node Pool
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                                                                    3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                                                                    4. Choose More > Migrate Node in the Operation column of the target node to migrate the node.
                                                                                                                                                                    5. In the displayed Migrate Node dialog box, confirm the information.
                                                                                                                                                                       
                                                                                                                                                                      • The migration does not affect custom resource tags, Kubernetes labels, and taints of the node.
                                                                                                                                                                      • After the migration, system labels cce.cloud.com and cce-nodepool on the node will be deleted. If an existing workload uses these labels for affinity or anti-affinity scheduling, the existing pods on the node will be stopped and rescheduled when kubelet is restarted.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating Nodes from the Default Node Pool to a Custom Node Pool
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane, choose Nodes and click the Node Pools tab.
                                                                                                                                                                    3. Locate the target node pool and choose More > Accept Node.
                                                                                                                                                                    4. In the Accept Node dialog box, select the nodes that meet the following conditions:
                                                                                                                                                                      • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                      • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                                                                      • The nodes and the current node pool are in the same cloud server group.
                                                                                                                                                                      • The billing mode of the nodes is supported by the current node pool.
                                                                                                                                                                      • The nodes are running and they are from the default node pool.
                                                                                                                                                                      • The flavor, AZ, resource reservation, container engine, and OS configurations of the nodes are the same as those of the node pool.
                                                                                                                                                                      
+
                                                                                                                                                                    5. Click OK.
                                                                                                                                                                       
                                                                                                                                                                      • After nodes are migrated into a node pool, the pool's resource tags, Kubernetes labels, and Kubernetes taints will be synchronized to the nodes. If there is a conflict, the node pool's configurations will take precedence.
                                                                                                                                                                      • After the migration, the pool's security group will take over the nodes' original security group.
                                                                                                                                                                      • After the migration, the pool's agency will take over the nodes' original agency.
                                                                                                                                                                      • After the migration, the nodes' original login mode will remain unchanged.
                                                                                                                                                                      • After a node is migrated to a node pool after being accepted by the cluster, its acceptance tag will be removed. Scaling in the node pool may result in the removal of the node.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Parent topic: Managing a Node Pool
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0659.html b/docs/cce/umn/cce_10_0659.html
index 7dce56886..52bab6dfe 100644
--- a/docs/cce/umn/cce_10_0659.html
+++ b/docs/cce/umn/cce_10_0659.html
@@ -69,7 +69,7 @@
 
                                                                                                                                                                    Typical scenario: Disk I/O suspension causes process suspension.
                                                                                                                                                                    
 
                                                                                                                                                                  		
 
                                                                                                                                                                  Warning event
                                                                                                                                                                  
-
                                                                                                                                                                  Listening object: /dev/kmsg
                                                                                                                                                                  
+
                                                                                                                                                                  Listening object: /dev/kmsg
                                                                                                                                                                  
 
                                                                                                                                                                  Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
 
                                                                                                                                                                  Warning event
                                                                                                                                                                  
-
                                                                                                                                                                  Listening object: /dev/kmsg
                                                                                                                                                                  
+
                                                                                                                                                                  Listening object: /dev/kmsg
                                                                                                                                                                  
 
                                                                                                                                                                  Matching rule: Remounting filesystem read-only
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Check whether the ephemeral volume group on the node is normal.
                                                                                                                                                                  
 
                                                                                                                                                                  Impact: Pods that depend on the storage pool cannot write data to the temporary volume. The temporary volume is remounted as a read-only file system by the kernel due to an I/O error.
                                                                                                                                                                  
-
                                                                                                                                                                  Typical scenario: When creating a node, a user configures two data disks as a temporary volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.
                                                                                                                                                                  
+
                                                                                                                                                                  Typical scenario: When creating a node, a user configures two data disks as an ephemeral volume storage pool. Some data disks are deleted by mistake. As a result, the storage pool becomes abnormal.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  • Detection period: 30s
                                                                                                                                                                  • Source:
                                                                                                                                                                    vgs -o vg_name, vg_attr
                                                                                                                                                                    
 
                                                                                                                                                                  • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                                                                                                                                                  • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                                                                                                                                                  • Exceptional scenario: The NPD add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                                                                                                                                                  
@@ -272,8 +272,9 @@
 
                                                                                                                                                                  • Check object: all data disks
                                                                                                                                                                  • Source:
                                                                                                                                                                    /proc/diskstat
                                                                                                                                                                    
 
                                                                                                                                                                    Alternatively, you can run the following command:
                                                                                                                                                                    iostat -xmt 1
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                  • Threshold:
                                                                                                                                                                    • Average usage: ioutil >= 0.99
                                                                                                                                                                    • Average I/O queue length: avgqu-sz >= 1
                                                                                                                                                                    • Average I/O transfer volume: iops (w/s) + ioth (wMB/s) <= 1
                                                                                                                                                                    
-
                                                                                                                                                                     NOTE: 
                                                                                                                                                                    In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                                                                                                                                                    
+
                                                                                                                                                                  • Thresholds: (All following conditions must be met).
                                                                                                                                                                    • Average usage (ioutil) ≥ 0.99
                                                                                                                                                                    • Average I/O queue length (avgqu-sz) ≥ 1
                                                                                                                                                                    • Average I/O transfer volume ≤ 1
                                                                                                                                                                      Average I/O transfer volume = Number of writes completed per second (iops, unit: w/s) + Amount of data written per second (ioth, unit: wMB/s)
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                     NOTE: 
                                                                                                                                                                    In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  • Check object: all data disks
                                                                                                                                                                  • Source:
                                                                                                                                                                    /proc/diskstat
                                                                                                                                                                    
 
                                                                                                                                                                    Alternatively, you can run the following command:
                                                                                                                                                                    iostat -xmt 1
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                  • Default threshold:
                                                                                                                                                                    Average I/O latency: await >= 5000 ms
                                                                                                                                                                    
+
                                                                                                                                                                  • Default threshold:
                                                                                                                                                                    Average I/O latency (await) ≥ 5000 ms
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  If I/O requests are not responded and the await data is not updated, this check item is invalid.
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0660.html b/docs/cce/umn/cce_10_0660.html
index 1386ada2e..1dc7877da 100644
--- a/docs/cce/umn/cce_10_0660.html
+++ b/docs/cce/umn/cce_10_0660.html
@@ -9,9 +9,9 @@
 
                                                                                                                                                                  Procedure for Default Node Pools
                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                  3. Click Upgrade next to the default node pool.
                                                                                                                                                                  4. In the displayed Operating System Upgrade window, configure parameters.
                                                                                                                                                                    • Target Operating System: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                    • Upgrade Policy: Node Reset is supported.
                                                                                                                                                                    • Max. Nodes for Batch Upgrade: maximum number of nodes that will be unavailable during node upgrade. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                    • View Node: Select the nodes to be upgraded.
                                                                                                                                                                    • Login Mode:
                                                                                                                                                                      • Key Pair
                                                                                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                        
 
                                                                                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                        
 
                                                                                                                                                                      
-
                                                                                                                                                                    • Pre-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
+
                                                                                                                                                                    • Pre-installation script:
                                                                                                                                                                      Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
 
                                                                                                                                                                      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                                      
-
                                                                                                                                                                    • Post-installation script:
                                                                                                                                                                      Pre-installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
+
                                                                                                                                                                    • Post-installation script:
                                                                                                                                                                      Installation script command, in which Chinese characters are not allowed. The script command will be Base64-transcoded. The characters of both the pre-installation and post-installation scripts are centrally calculated, and the total number of characters after transcoding cannot exceed 10240.
                                                                                                                                                                      
 
                                                                                                                                                                      The script will be executed after Kubernetes software is installed, which does not affect the installation.
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                  5. Click OK.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0672.html b/docs/cce/umn/cce_10_0672.html
index a26faf8af..6c772973d 100644
--- a/docs/cce/umn/cce_10_0672.html
+++ b/docs/cce/umn/cce_10_0672.html
@@ -1,12 +1,11 @@
 
 
 
                                                                                                                                                                  Management Nodes
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                    
 
                                                                                                                                                                  • Managing Node Labels
                                                                                                                                                                    
-You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.
                                                                                                                                                                    • 
+
 
                                                                                                                                                                  • Managing Node Taints
                                                                                                                                                                    
 
                                                                                                                                                                    • 
 
                                                                                                                                                                  • Resetting a Node
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0674.html b/docs/cce/umn/cce_10_0674.html
index 2090a41f9..586385b99 100644
--- a/docs/cce/umn/cce_10_0674.html
+++ b/docs/cce/umn/cce_10_0674.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                    Scheduling
                                                                                                                                                                    
-
-  
                                                                                                                                                                    
-
                                                                                                                                                                    
-
+
                                                                                                                                                                    Scheduling
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0677.html b/docs/cce/umn/cce_10_0677.html
index 14506a8ac..16cd2c31d 100644
--- a/docs/cce/umn/cce_10_0677.html
+++ b/docs/cce/umn/cce_10_0677.html
@@ -7,8 +7,6 @@
 
 
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0678.html b/docs/cce/umn/cce_10_0678.html
index fb47bcfa4..865d4aa34 100644
--- a/docs/cce/umn/cce_10_0678.html
+++ b/docs/cce/umn/cce_10_0678.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                                    
 
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    • This function is available only for clusters of v1.19 or later using a VPC network.
                                                                                                                                                                    • An added container CIDR block cannot be deleted.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                                    3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                                                                       
                                                                                                                                                                      New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                                                                      
+
                                                                                                                                                                      Adding a Container CIDR Block for a CCE Standard Cluster
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. On the Overview page, locate the Networking Configuration area and click Add.
                                                                                                                                                                      3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                                                                         
                                                                                                                                                                        New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0681.html b/docs/cce/umn/cce_10_0681.html
index 84b2d0f38..56eceebcc 100644
--- a/docs/cce/umn/cce_10_0681.html
+++ b/docs/cce/umn/cce_10_0681.html
@@ -3,16 +3,16 @@
 
                                                                                                                                                                      Creating a LoadBalancer Service
                                                                                                                                                                      
 
                                                                                                                                                                      Scenario
                                                                                                                                                                      LoadBalancer Services can access workloads from the public network through a load balancer, which is more reliable than EIP-based access. The LoadBalancer access address is in the format of IP address of public network load balancer:Access port, for example, 10.117.117.117:80.
                                                                                                                                                                      
 
                                                                                                                                                                      In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 1 LoadBalancer
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 1 LoadBalancer
                                                                                                                                                                      
 
                                                                                                                                                                      When CCE Turbo clusters and dedicated load balancers are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.
                                                                                                                                                                      
 
                                                                                                                                                                      External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.
                                                                                                                                                                      
-
                                                                                                                                                                      Figure 2 Passthrough networking
                                                                                                                                                                      
+
                                                                                                                                                                      Figure 2 Passthrough networking
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                      • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                        • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                        • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                        
 
                                                                                                                                                                      • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                                                                      • If service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                                                                      • In a CCE Turbo cluster that utilizes a Cloud Native 2.0 network model, node-level affinity is supported only when the Service backend is connected to a HostNetwork pod.
                                                                                                                                                                      • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                                                                      • A dedicated load balancer must be of the network type (TCP/UDP) and support private networks (with a private IP address). If the Service needs to support HTTP, the dedicated load balancers must be of the network (TCP/UDP) or application load balancing (HTTP/HTTPS) type.
                                                                                                                                                                      • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                                                                      • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. Use different load balancers for the ingress and Service.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Creating a LoadBalancer Service
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                      3. Configure parameters.
                                                                                                                                                                        • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                        • Service Type: Select LoadBalancer.
                                                                                                                                                                        • Namespace: namespace that the workload belongs to.
                                                                                                                                                                        • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                          • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                          • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                          
-
                                                                                                                                                                        • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                        • IPv6: This function is disabled by default. After this function is enabled, the cluster IP address of the Service changes to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                                                                        • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                          A load balancer can be dedicated or shared. A dedicated load balancer supports Network (TCP/UD), Application (HTTP/HTTPS), or Network (TCP/UD) & Application (HTTP/HTTPS).
                                                                                                                                                                          
+
                                                                                                                                                                          Using the Console
                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                          2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                          3. Configure parameters.
                                                                                                                                                                            • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                            • Service Type: Select LoadBalancer.
                                                                                                                                                                            • Namespace: namespace that the workload belongs to.
                                                                                                                                                                            • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                              • Cluster-level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                              • Node-level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                              
+
                                                                                                                                                                            • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                            • Protocol Version: This function is disabled by default. After this function is enabled, the cluster IP address of the Service can be set to an IPv6 address. This parameter is available only in clusters of v1.15 or later with IPv6 enabled (set during cluster creation).
                                                                                                                                                                            • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                              A load balancer can be dedicated or shared. A dedicated load balancer supports Network (TCP/UDP), Application (HTTP/HTTPS), or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                              
 
                                                                                                                                                                              You can select Use existing or Auto create to obtain a load balancer. For details about the configuration of different creation modes, see Table 1.
 
                                                                                                                                                                              
@@ -27,18 +27,18 @@
 
-
                                                                                                                                                                              Table 1 Load balancer configurations
                                                                                                                                                                              How to Create
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              Auto create
                                                                                                                                                                              
 
                                                                                                                                                                              • Instance Name: Enter a load balancer name.
                                                                                                                                                                              • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                                                                                              • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                                                                                              • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                                                                                              • Network/Application-oriented Specifications (available only to dedicated load balancers)
                                                                                                                                                                                • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                                                                                                • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                                                                                                
-
                                                                                                                                                                              • EIP: If you select Auto create, you can configure the billing mode and size of the public network bandwidth.
                                                                                                                                                                              • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use predefined tags to improve the tag creation and resource migration efficiency.
                                                                                                                                                                              
+
                                                                                                                                                                              • Instance Name: Enter a load balancer name.
                                                                                                                                                                              • AZ: available only to dedicated load balancers. You can create load balancers in multiple AZs to improve service availability. You can deploy a load balancer in multiple AZs for high availability.
                                                                                                                                                                              • Frontend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to provide services externally.
                                                                                                                                                                              • Backend Subnet: available only to dedicated load balancers. It is used to allocate IP addresses for load balancers to access the backend service.
                                                                                                                                                                              • Network Specifications, Application-oriented Specifications, or Specifications (available only to dedicated load balancers)
                                                                                                                                                                                • Elastic: applies to fluctuating traffic, billed based on total traffic. Clusters of v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions support elastic specifications.
                                                                                                                                                                                • Fixed: applies to stable traffic, billed based on specifications.
                                                                                                                                                                                
+
                                                                                                                                                                              • EIP: If you select Auto create, you can configure the size of the public network bandwidth.
                                                                                                                                                                              • Resource Tag: You can add resource tags to classify resources. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency.
                                                                                                                                                                              
                                                                                                                                                                               		
 
                                                                                                                                                                              
 
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              You can click  in the Set ELB area and configure load balancer parameters in the Set ELB dialog box.
                                                                                                                                                                              
+
                                                                                                                                                                              Set ELB: You can click Edit and configure the load balancing algorithm and sticky session.
                                                                                                                                                                              
 
                                                                                                                                                                              • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                                                                                 
                                                                                                                                                                                • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                                                                                • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                                                                                • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                              • Type: This function is disabled by default. You can select Source IP address. Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                 
                                                                                                                                                                                When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                                                                                
+
                                                                                                                                                                              • Sticky Session: This function is disabled by default. You can use source IP addresses. Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                 
                                                                                                                                                                                When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                            • Health Check: Configure health check for the load balancer.
@@ -79,12 +79,12 @@
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                5. Ports
                                                                                                                                                                  • Protocol: protocol used by the Service. 
                                                                                                                                                                  • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                  • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                  • Frontend Protocol: the frontend protocol of the load balancer listener for establishing a traffic distribution connection with the client. When a dedicated load balancer is selected, HTTP/HTTPS can be configured only when Application (HTTP/HTTPS) is selected.
                                                                                                                                                                  • Health Check: If Health Check is set to Custom health check, you can configure health check for ports using different protocols. For details, see Table 2.
                                                                                                                                                                  
+
                                                                                                                                                                6. Ports
                                                                                                                                                                  • Protocol: protocol used by the Service. 
                                                                                                                                                                  • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                  • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                  • Frontend Protocol: the frontend protocol of the load balancer listener for establishing a traffic distribution connection with the client. When a dedicated load balancer is selected, HTTP/HTTPS can be configured only when Application (HTTP/HTTPS) is selected.
                                                                                                                                                                  • Health Check: If Health Check is set to Custom health check, you can configure health check for ports using different protocols. For details, see Table 2.
                                                                                                                                                                  
 
                                                                                                                                                                   
                                                                                                                                                                  When a LoadBalancer Service is created, a random node port number (NodePort) is automatically generated.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                7. Listener
                                                                                                                                                                  • SSL Authentication: Select this option if HTTPS/TLS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                    • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                    • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                    
 
                                                                                                                                                                  • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                  • Server Certificate: If HTTPS/TLS is enabled on the listener port, you must select a server certificate. 
                                                                                                                                                                  • SNI: If HTTPS/TLS is enabled on the listener port, you must determine whether to add an SNI certificate. Before adding an SNI certificate, ensure the certificate contains a domain name. 
                                                                                                                                                                    If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                    
-
                                                                                                                                                                  • Security Policy: If HTTPS/TLS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. If TLS is enabled on the listener port, TCP or TLS can be used to access the backend server. The default value is TCP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  • Access Control
                                                                                                                                                                    • Allow all IP addresses: No access control is configured.
                                                                                                                                                                    • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                    • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                    
+
                                                                                                                                                                  • Security Policy: If HTTPS/TLS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. If TLS is enabled on the listener port, TCP or TLS can be used to access the backend server. The default value is TCP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                  • Access Control
                                                                                                                                                                    • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                                                                    • Allow all IP addresses: No access control is configured.
                                                                                                                                                                    • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                    • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                    
 
                                                                                                                                                                  • Advanced Options
 
                                                                                                                                                                    
@@ -127,7 +127,7 @@
 
                                                                                                                                                                    Configuration
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
-
                                                                                                                                                                8. Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Using Annotations to Balance Load.
                                                                                                                                                                  9. 
+
                                                                                                                                                                9. Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                                                                  10. 
 
                                                                                                                                                                10. Click OK.
                                                                                                                                                                  11. 
 
                                                                                                                                                                  
 
                                                                                                                                                                  Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                                                                  You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                  
@@ -154,7 +154,7 @@ spec:
       - name: default-secret
 
                                                                                                                                                                  
 
                                                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                                                  
-
                                                                                                                                                                   
                                                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  apiVersion: v1 
 kind: Service 
@@ -185,7 +185,7 @@ spec:
   type: LoadBalancer
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 3.
                                                                                                                                                                  
-
                                                                                                                                                                  For more annotations and examples related to advanced functions, see Using Annotations to Balance Load.
                                                                                                                                                                  
+
                                                                                                                                                                  For more annotations and examples related to advanced functions, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                                                                  
 
 
                                                                                                                                                                  
@@ -382,12 +382,12 @@ spec:
 
                                                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                                                  service/nginx created
                                                                                                                                                                  kubectl get svc
                                                                                                                                                                  
-
                                                                                                                                                                  If information similar to the following is displayed, the access type has been set, and the workload is accessible.
                                                                                                                                                                  
+
                                                                                                                                                                  If information similar to the following is displayed, the workload's access mode has been configured.
                                                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
 nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                                11. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                                  The Nginx is accessible.
                                                                                                                                                                  
-
                                                                                                                                                                  Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                  
+
                                                                                                                                                                  Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                  
 
                                                                                                                                                                  12. Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                                                                  You can configure Service access using kubectl when creating a workload. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                  
@@ -414,7 +414,7 @@ spec:
 
                                                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                                                  
-
                                                                                                                                                                   
                                                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Scheduling Policies (Affinity/Anti-affinity).
                                                                                                                                                                  
+
                                                                                                                                                                   
                                                                                                                                                                  To enable sticky session, ensure anti-affinity is configured for the workload pods so that the pods are deployed onto different nodes. For details, see Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity).
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Example of a Service using a public network shared load balancer:
                                                                                                                                                                  apiVersion: v1 
 kind: Service 
@@ -506,7 +506,7 @@ spec:
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 6.
                                                                                                                                                                  
-
                                                                                                                                                                  For more annotations and examples related to advanced functions, see Using Annotations to Balance Load.
                                                                                                                                                                  
+
                                                                                                                                                                  For more annotations and examples related to advanced functions, see Configuring LoadBalancer Services Using Annotations.
                                                                                                                                                                  
 
 
                                                                                                                                                                  Table 3 annotations parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
                                                                                                                                                                   		
 
 
 
 
 
 
 
 
                                                                                                                                                                  
@@ -537,8 +537,8 @@ spec:
 
@@ -560,7 +560,7 @@ spec:
 
@@ -770,7 +770,7 @@ spec:
 
-
@@ -788,12 +788,12 @@ spec:
 
                                                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                                                  service/nginx created
                                                                                                                                                                  kubectl get svc
                                                                                                                                                                  
-
                                                                                                                                                                  If information similar to the following is displayed, the access type has been set, and the workload is accessible.
                                                                                                                                                                  
+
                                                                                                                                                                  If information similar to the following is displayed, the workload's access mode has been configured.
                                                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
 kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
 nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                                12. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                                  The Nginx is accessible.
                                                                                                                                                                  
-
                                                                                                                                                                  Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                  
+
                                                                                                                                                                  Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                  
 
                                                                                                                                                                  13. 
diff --git a/docs/cce/umn/cce_10_0683.html b/docs/cce/umn/cce_10_0683.html
index e240961cb..4b4bc6e55 100644
--- a/docs/cce/umn/cce_10_0683.html
+++ b/docs/cce/umn/cce_10_0683.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                  Configuring HTTP/HTTPS for a LoadBalancer Service
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  • Only clusters of v1.19.16 or later support HTTP or HTTPS.
-
                                                                                                                                                                  Table 6 annotations parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Whether to automatically create a load balancer associated with the Service.
                                                                                                                                                                  
 
                                                                                                                                                                  Example
                                                                                                                                                                  
-
                                                                                                                                                                  • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                    '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                                                    
-
                                                                                                                                                                  • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                    {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                    
+
                                                                                                                                                                    • Automatically created shared load balancer with an EIP bound:
                                                                                                                                                                      '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic,"bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                                                      
+
                                                                                                                                                                    • Automatically created shared load balancer with no EIP bound:
                                                                                                                                                                      {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                  		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                                                  
 
                                                                                                                                                                  Options:
                                                                                                                                                                  
-
                                                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                                                  
+
                                                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                                                  
 
                                                                                                                                                                   NOTE: 
                                                                                                                                                                  If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                                                  
 
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  String
                                                                                                                                                                  
 
                                                                                                                                                                  Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                                  
+
                                                                                                                                                                  ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                                  
 
                                                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
 
 
 
 
 
 
                                                                                                                                                                  Table 1 Scenarios where a load balancer supports HTTP or HTTPS
                                                                                                                                                                  ELB Type
                                                                                                                                                                  
+
                                                                                                                                                                  
-
@@ -12,9 +12,9 @@
 
-
-
@@ -28,18 +28,18 @@
 
-
-
-
-
@@ -49,8 +49,8 @@
 
                                                                                                                                                                13. Do not connect an ingress and a Service that uses HTTP or HTTPS to the same listener of the same load balancer. Otherwise, a port conflict occurs.
                                                                                                                                                                  14. 
-
                                                                                                                                                                  Using the CCE Console
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                  3. Configure Service parameters. In this example, only mandatory parameters required for using HTTP/HTTPS are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                    • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                    • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                    • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                      • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                      • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                      
-
                                                                                                                                                                    • Ports
                                                                                                                                                                      • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                      • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                      • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                      • Frontend Protocol: specifies whether to enable HTTP/HTTPS on the listener port. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                      
+
                                                                                                                                                                      Using the CCE Console
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                      3. Configure Service parameters. In this example, only mandatory parameters required for using HTTP/HTTPS are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                                        • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                        • Service Type: Select LoadBalancer.
                                                                                                                                                                        • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                        • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                          • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                          • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                          
+
                                                                                                                                                                        • Ports
                                                                                                                                                                          • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                          • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                          • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                          • Frontend Protocol: specifies whether to enable HTTP/HTTPS on the listener port. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                          
 
                                                                                                                                                                        • Listener
                                                                                                                                                                          • SSL Authentication: Select this option if HTTPS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                            • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                            • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                            
 
                                                                                                                                                                          • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                          • Server Certificate: If HTTPS is enabled on the listener port, you must select a server certificate. 
                                                                                                                                                                          • SNI: If HTTPS is enabled on the listener port, you must determine whether to add an SNI certificate. Before adding an SNI certificate, ensure the certificate contains a domain name. 
                                                                                                                                                                          • Security Policy: If HTTPS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                          • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          If multiple HTTPS Services are released, all listeners will use the same certificate configuration.
                                                                                                                                                                          
@@ -58,12 +58,9 @@
 
                                                                                                                                                                        
 
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Using kubectl
                                                                                                                                                                      If a Service is HTTP/HTTPS-compliant, add the following annotations:
                                                                                                                                                                      
-
                                                                                                                                                                      • kubernetes.io/elb.protocol-port: "https:443,http:80"
                                                                                                                                                                        The value of protocol-port must be the same as the port in the spec.ports field of the Service. The format is Protocol:Port. The port matches the one in the service.spec.ports field and is released as the corresponding protocol.
                                                                                                                                                                        
-
                                                                                                                                                                      • kubernetes.io/elb.cert-id: "17e3b4f4bc40471c86741dc3aa211379"
                                                                                                                                                                        cert-id indicates the certificate ID in ELB certificate management. When https is configured for protocol-port, the certificate of the ELB listener will be set to the server certificate. When multiple HTTPS Services are released, they will use the same certificate.
                                                                                                                                                                        
-
                                                                                                                                                                      
-
                                                                                                                                                                      The following is a configuration example for automatically creating a dedicated load balancer, in which key configurations are marked in red:
                                                                                                                                                                      
+
                                                                                                                                                                      Using kubectl
                                                                                                                                                                      If a Service uses the HTTP or HTTPS protocol, it is important to take note of the following configuration requirements:
                                                                                                                                                                      
 
                                                                                                                                                                      • Different ELB types and cluster versions have different requirements on flavors. For details, see Table 1.
                                                                                                                                                                      • The two ports in spec.ports must correspond to those in kubernetes.io/elb.protocol-port. In this example, ports 443 and 80 are enabled with HTTPS and HTTP, respectively.
                                                                                                                                                                      
+
                                                                                                                                                                      The following is a configuration example for automatically creating a dedicated load balancer, in which key configurations are marked in red:
                                                                                                                                                                      
 
                                                                                                                                                                      apiVersion: v1
 kind: Service
 metadata:
@@ -106,8 +103,36 @@ spec:
     version: v1
   sessionAffinity: None
   type: LoadBalancer
                                                                                                                                                                      
-
                                                                                                                                                                      Use the preceding example configurations to create a Service. In the new ELB load balancer, you can see that the listeners on ports 443 and 80 are created.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
+
                                                                                                                                                                  Table 1 Scenarios where a load balancer supports HTTP or HTTPS
                                                                                                                                                                  ELB Type
                                                                                                                                                                  
 
                                                                                                                                                                  Application scenario
                                                                                                                                                                  
+
                                                                                                                                                                  Application scenario
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Whether to Support HTTP or HTTPS
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Shared load balancer
                                                                                                                                                                  
+
                                                                                                                                                                  Shared load balancer
                                                                                                                                                                  
 
                                                                                                                                                                  Interconnecting with an existing load balancer
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnecting with an existing load balancer
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Yes
                                                                                                                                                                  
 
                                                                                                                                                                  None
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  Dedicated load balancer
                                                                                                                                                                  
+
                                                                                                                                                                  Dedicated load balancer
                                                                                                                                                                  
 
                                                                                                                                                                  Interconnecting with an existing load balancer
                                                                                                                                                                  
+
                                                                                                                                                                  Interconnecting with an existing load balancer
                                                                                                                                                                  
 
                                                                                                                                                                  Yes (A YAML file is required.)
                                                                                                                                                                  
+
                                                                                                                                                                  Supported
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                                                  • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  
 
                                                                                                                                                                  Automatically creating a load balancer
                                                                                                                                                                  
 
                                                                                                                                                                  Yes (A YAML file is required.)
                                                                                                                                                                  
+
                                                                                                                                                                  Supported
                                                                                                                                                                  
                                                                                                                                                                   		
 
                                                                                                                                                                  • For versions earlier than v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10 and v1.27.1-r10, the load balancer flavor must support both the layer-4 and layer-7 routing.
                                                                                                                                                                  • For v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, and later versions, the load balancer flavor must support layer-7 routing.
                                                                                                                                                                  
                                                                                                                                                                   		
 
 
                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                  Table 2 Key parameters
                                                                                                                                                                  Parameter
                                                                                                                                                                  
+
                                                                                                                                                                  Type
                                                                                                                                                                  
+
                                                                                                                                                                  Description
                                                                                                                                                                  
+
                                                                                                                                                                  kubernetes.io/elb.protocol-port
                                                                                                                                                                  
+
                                                                                                                                                                  String
                                                                                                                                                                  
+
                                                                                                                                                                  If a Service is TLS/HTTP/HTTPS-compliant, configure the protocol and port number in the format of "protocol:port".
                                                                                                                                                                  
+
                                                                                                                                                                  Specifically:
                                                                                                                                                                  
+
                                                                                                                                                                  • protocol: specifies the protocol used by the listener port. The value can be tls, http, or https.
                                                                                                                                                                  • port: Service port specified by spec.ports[].port.
                                                                                                                                                                  
+
                                                                                                                                                                  In this example, ports 443 and 80 are enabled with HTTPS and HTTP, respectively. Therefore, the parameter value is https:443,http:80.
                                                                                                                                                                  
+
                                                                                                                                                                  kubernetes.io/elb.cert-id
                                                                                                                                                                  
+
                                                                                                                                                                  String
                                                                                                                                                                  
+
                                                                                                                                                                  ID of an ELB certificate, which is used as the TLS/HTTPS server certificate.
                                                                                                                                                                  
+
                                                                                                                                                                  To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                  
 
 
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0685.html b/docs/cce/umn/cce_10_0685.html
index 3e583f04c..1be207d7e 100644
--- a/docs/cce/umn/cce_10_0685.html
+++ b/docs/cce/umn/cce_10_0685.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                  • This feature is available in the following versions:
                                                                                                                                                                    • v1.19: v1.19.16-r5 or later
                                                                                                                                                                    • v1.21: v1.21.8-r0 or later
                                                                                                                                                                    • v1.23: v1.23.6-r0 or later
                                                                                                                                                                    • v1.25: v1.25.2-r0 or later
                                                                                                                                                                    • Versions later than v1.25
                                                                                                                                                                    
 
                                                                                                                                                                  • This function applies only to passthrough scenarios, that is, scenarios where dedicated load balancers are used in CCE Turbo clusters.
                                                                                                                                                                  • To use this function, configure the readinessGates field in the pod and specify the label target-health.elb.k8s.cce/{serviceName}, where {serviceName} indicates the service name.
                                                                                                                                                                  • The pod ready status takes effect only when the ELB backend is initially connected. The subsequent health check status does not affect the pod ready status.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Setting the Pod Ready Status Through the ELB Health Check
                                                                                                                                                                  To use Pod readiness Gates, perform the following steps:
                                                                                                                                                                  
+
                                                                                                                                                                  Setting the Pod Ready Status Through the ELB Health Check
                                                                                                                                                                  To use pod readiness gates, perform the following steps:
                                                                                                                                                                  
 
                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                  2. In the navigation pane, choose Workloads. In the upper right corner, click Create from YAML.
                                                                                                                                                                    YAML content:
                                                                                                                                                                    kind: Deployment
 apiVersion: apps/v1
 metadata:
diff --git a/docs/cce/umn/cce_10_0686.html b/docs/cce/umn/cce_10_0686.html
index 3f9fab9f1..f29b14b7b 100644
--- a/docs/cce/umn/cce_10_0686.html
+++ b/docs/cce/umn/cce_10_0686.html
@@ -10,25 +10,11 @@
 
 
diff --git a/docs/cce/umn/cce_10_0687.html b/docs/cce/umn/cce_10_0687.html
index d55ac6ed9..440356e99 100644
--- a/docs/cce/umn/cce_10_0687.html
+++ b/docs/cce/umn/cce_10_0687.html
@@ -1,12 +1,60 @@
 
 
 
                                                                                                                                                                    Configuring an HTTPS Certificate for a LoadBalancer Ingress
                                                                                                                                                                    
-
                                                                                                                                                                    Ingresses support TLS certificates and secure your Services with HTTPS.
                                                                                                                                                                    
-
                                                                                                                                                                    You can use a TLS secret certificate configured in the cluster and the ELB certificate.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate.
                                                                                                                                                                    
+
                                                                                                                                                                    Ingresses support SSL or TLS certificates, allowing you to secure your Services with HTTPS.
                                                                                                                                                                    
+
                                                                                                                                                                    You are allowed to use either of the following ways to configure an ingress certificate in a cluster:
                                                                                                                                                                    • Using a TLS certificate: You need to first import a certificate to a Secret. CCE will then automatically handle the certificate configurations on the ELB console and give a name to the certificate (started with k8s_plb_default). This certificate, which is generated by CCE, cannot be modified or deleted from the ELB console. To modify the certificate, update the secret where the certificate is imported to on CCE.
                                                                                                                                                                    • Using a certificate created on the ELB console: You are allowed to directly use certificates created on the ELB console. There is no need to manually configure the cluster Secrets, and you can modify the certificates on the ELB console.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate. For details, see Configuring a Same Port for Multiple Ingresses.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Using a TLS Secret Certificate
                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                                                      Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                                                      
-
                                                                                                                                                                      vi ingress-test-secret.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      Prerequisites
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Using the CCE Console to Configure a TLS Certificate
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                      3. Configure ingress parameters.
                                                                                                                                                                         
                                                                                                                                                                        This example explains only key parameters for configuring HTTPS certificates. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example
                                                                                                                                                                        
+
                                                                                                                                                                        Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter an ingress name.
                                                                                                                                                                        
+
                                                                                                                                                                        ingress-test
                                                                                                                                                                        
+
                                                                                                                                                                        Load Balancer
                                                                                                                                                                        
+
                                                                                                                                                                        Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                        Shared
                                                                                                                                                                        
+
                                                                                                                                                                        Listener
                                                                                                                                                                        
+
                                                                                                                                                                        • External Protocol: Select HTTPS when configuring a certificate for an ingress.
                                                                                                                                                                        • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                        • Certificate Source: Select TLS secret.
                                                                                                                                                                        • Server Certificate: kubernetes.io/tls and IngressTLS are supported.
                                                                                                                                                                          If no certificate is available, you can create a TLS certificate. For details about the configuration parameters, see Creating a Secret.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        • External Protocol: HTTPS
                                                                                                                                                                        • External Port: 443
                                                                                                                                                                        • Certificate Source: TLS secret
                                                                                                                                                                        • Server Certificate: test
                                                                                                                                                                        
+
                                                                                                                                                                        Forwarding Policy
                                                                                                                                                                        
+
                                                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                        • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                        
+
                                                                                                                                                                        • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                        • Path Matching Rule: Prefix match
                                                                                                                                                                        • Path: /
                                                                                                                                                                        • Destination Service: nginx
                                                                                                                                                                        • Destination Service Port: 80
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Using kubectl to Configure a TLS Certificate
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                      2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                                                        Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                                                        
+
                                                                                                                                                                        vi ingress-test-secret.yaml
                                                                                                                                                                        
 
                                                                                                                                                                        The YAML file is configured as follows:
                                                                                                                                                                        apiVersion: v1
 data:
   tls.crt: LS0******tLS0tCg==
@@ -21,18 +69,17 @@ metadata:
 
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                      3. Create a secret.
                                                                                                                                                                        kubectl create -f ingress-test-secret.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      4. Create a secret.
                                                                                                                                                                        kubectl create -f ingress-test-secret.yaml
                                                                                                                                                                        
 
                                                                                                                                                                        If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                        
 
                                                                                                                                                                        secret/ingress-test-secret created
                                                                                                                                                                        
-
                                                                                                                                                                        View the created secret.
                                                                                                                                                                        
-
                                                                                                                                                                        kubectl get secrets
                                                                                                                                                                        
-
                                                                                                                                                                        If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                        
-
                                                                                                                                                                        NAME                         TYPE                                  DATA      AGE
+
                                                                                                                                                                      5. Check the created secret.
                                                                                                                                                                        kubectl get secrets
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        NAME                         TYPE                                  DATA      AGE
 ingress-test-secret          IngressTLS                            2         13s
                                                                                                                                                                        
-
                                                                                                                                                                      6. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      7. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        Default security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.17 or later.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        The following uses the automatically created load balancer as an example. The YAML file is configured as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        An example YAML file of an ingress associated with an automatically created load balancer is as follows:
                                                                                                                                                                        
 
                                                                                                                                                                        For clusters of v1.21 or earlier:
                                                                                                                                                                        
 
                                                                                                                                                                        apiVersion: networking.k8s.io/v1beta1
 kind: Ingress 
@@ -61,7 +108,7 @@ spec:
   tls: 
   - secretName: ingress-test-secret
   rules: 
-  - host: foo.bar.com
+  - host: ''
     http: 
       paths: 
       - path: '/'
@@ -96,7 +143,7 @@ spec:
   tls: 
   - secretName: ingress-test-secret
   rules: 
-  - host: foo.bar.com
+  - host: ''
     http: 
       paths: 
       - path: '/'
@@ -104,110 +151,184 @@ spec:
           service:
             name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: 80             # Replace 80 with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce 
                                                                                                                                                                        
 
                                                                                                                                                                      
 
-
                                                                                                                                                                      Table 1 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                      Table 2 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
 
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
 
                                                                                                                                                                      Type
                                                                                                                                                                      
+
                                                                                                                                                                      Type
                                                                                                                                                                      
 
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      kubernetes.io/elb.tls-ciphers-policy
                                                                                                                                                                      
+
                                                                                                                                                                      kubernetes.io/elb.tls-ciphers-policy
                                                                                                                                                                      
 
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
 
                                                                                                                                                                      String
                                                                                                                                                                      
+
                                                                                                                                                                      String
                                                                                                                                                                      
 
                                                                                                                                                                      The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when HTTPS is used.
                                                                                                                                                                      
+
                                                                                                                                                                      The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when HTTPS is used.
                                                                                                                                                                      
 
                                                                                                                                                                      Options:
                                                                                                                                                                      
 
                                                                                                                                                                      • tls-1-0
                                                                                                                                                                      • tls-1-1
                                                                                                                                                                      • tls-1-2
                                                                                                                                                                      • tls-1-2-strict
                                                                                                                                                                      
-
                                                                                                                                                                      For details of cipher suites for each security policy, see Table 2.
                                                                                                                                                                      
+
                                                                                                                                                                      For details of cipher suites for each security policy, see Table 3.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      tls
                                                                                                                                                                      
+
                                                                                                                                                                      tls
                                                                                                                                                                      
 
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
 
                                                                                                                                                                      Array of strings
                                                                                                                                                                      
+
                                                                                                                                                                      Array of strings
                                                                                                                                                                      
 
                                                                                                                                                                      When HTTPS is used, this parameter must be added to specify the secret certificate.
                                                                                                                                                                      
+
                                                                                                                                                                      When HTTPS is used, this parameter must be added to specify the secret certificate.
                                                                                                                                                                      
 
                                                                                                                                                                      Multiple independent domain names and certificates can be added. For details, see Configuring SNI for a LoadBalancer Ingress.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      secretName
                                                                                                                                                                      
+
                                                                                                                                                                      secretName
                                                                                                                                                                      
 
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
 
                                                                                                                                                                      String
                                                                                                                                                                      
+
                                                                                                                                                                      String
                                                                                                                                                                      
 
                                                                                                                                                                      This parameter is mandatory if HTTPS is used. Set this parameter to the name of the created secret.
                                                                                                                                                                      
+
                                                                                                                                                                      This parameter is mandatory if HTTPS is used. Set this parameter to the name of the created secret.
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
                                                                                                                                                                       
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
-
                                                                                                                                                                      Table 2 tls_ciphers_policy parameter description
                                                                                                                                                                      Security Policy
                                                                                                                                                                      
+
                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 3 tls_ciphers_policy parameter description
                                                                                                                                                                      Security Policy
                                                                                                                                                                      
 
                                                                                                                                                                      TLS Version
                                                                                                                                                                      
+
                                                                                                                                                                      TLS Version
                                                                                                                                                                      
 
                                                                                                                                                                      Cipher Suite
                                                                                                                                                                      
+
                                                                                                                                                                      Cipher Suite
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
 
                                                                                                                                                                      tls-1-0
                                                                                                                                                                      
+
                                                                                                                                                                      tls-1-0
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.1
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.0
                                                                                                                                                                      
 
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA
                                                                                                                                                                      
+
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      tls-1-1
                                                                                                                                                                      
+
                                                                                                                                                                      tls-1-1
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.1
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      tls-1-2
                                                                                                                                                                      
+
                                                                                                                                                                      tls-1-2
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      tls-1-2-strict
                                                                                                                                                                      
+
                                                                                                                                                                      tls-1-2-strict
                                                                                                                                                                      
 
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
 
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                                                      
+
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                                                      
+
                                                                                                                                                                      TLS-1-0-WITH-1-3 (dedicated load balancer)
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.3
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.1
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.0
                                                                                                                                                                      
+
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256
                                                                                                                                                                      
+
                                                                                                                                                                      TLS-1-2-FS (dedicated load balancer)
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.3
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                                                      
+
                                                                                                                                                                      TLS-1-2-FS-WITH-1-3 (dedicated load balancer)
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.3
                                                                                                                                                                      
+
                                                                                                                                                                      TLS 1.2
                                                                                                                                                                      
+
                                                                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256
                                                                                                                                                                      
                                                                                                                                                                       		
 
                                                                                                                                                                      
                                                                                                                                                                       
 
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                    3. Create an ingress.
                                                                                                                                                                      kubectl create -f ingress-test.yaml
                                                                                                                                                                      
-
                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created.
                                                                                                                                                                      
+
                                                                                                                                                                    4. Create an ingress.
                                                                                                                                                                      kubectl create -f ingress-test.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                      
 
                                                                                                                                                                      ingress/ingress-test created
                                                                                                                                                                      
-
                                                                                                                                                                      View the created ingress.
                                                                                                                                                                      
-
                                                                                                                                                                      kubectl get ingress
                                                                                                                                                                      
-
                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                                                                      
-
                                                                                                                                                                      NAME             HOSTS     ADDRESS          PORTS   AGE
-ingress-test     *         121.**.**.**     80      10s
                                                                                                                                                                      
+
                                                                                                                                                                    5. Check the created ingress.
                                                                                                                                                                      kubectl get ingress
                                                                                                                                                                      
+
                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                      
+
                                                                                                                                                                      NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                                                      
 
                                                                                                                                                                    6. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                                                      121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                                                                      
 
                                                                                                                                                                      7. 
 
-
                                                                                                                                                                      Using the ELB Certificate
                                                                                                                                                                      To use the ELB certificate, you can specify the annotations kubernetes.io/elb.tls-certificate-ids.
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      1. If you specify both the IngressTLS certificate and the ELB certificate, the latter is used.
                                                                                                                                                                      2. CCE does not check whether the ELB certificate is valid. It only checks whether the certificate exists.
                                                                                                                                                                      3. Only clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support the ELB certificate.
                                                                                                                                                                      
+
                                                                                                                                                                      Using the CCE Console to Configure a Certificate Created on the ELB Console
                                                                                                                                                                       
                                                                                                                                                                      • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                                                      • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                                                      • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                                                      
 
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                      2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                      3. Configure ingress parameters.
                                                                                                                                                                         
                                                                                                                                                                        This example explains only key parameters for configuring HTTPS certificates. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 4 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Example
                                                                                                                                                                        
+
                                                                                                                                                                        Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter an ingress name.
                                                                                                                                                                        
+
                                                                                                                                                                        ingress-test
                                                                                                                                                                        
+
                                                                                                                                                                        Load Balancer
                                                                                                                                                                        
+
                                                                                                                                                                        Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                        
+
                                                                                                                                                                        Shared
                                                                                                                                                                        
+
                                                                                                                                                                        Listener
                                                                                                                                                                        
+
                                                                                                                                                                        • External Protocol: Select HTTPS.
                                                                                                                                                                        • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                        • Certificate Source: Select ELB server certificate.
                                                                                                                                                                        • Server Certificate: Use a certificate created on ELB.
                                                                                                                                                                          If no certificate is available, go to the ELB console and create one.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        • External Protocol: HTTPS
                                                                                                                                                                        • External Port: 443
                                                                                                                                                                        • Certificate Source: ELB server certificate
                                                                                                                                                                        • Server Certificate: cert-test
                                                                                                                                                                        
+
                                                                                                                                                                        Forwarding Policy
                                                                                                                                                                        
+
                                                                                                                                                                        • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                        • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                        • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                        • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                        • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                        
+
                                                                                                                                                                        • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                        • Path Matching Rule: Prefix match
                                                                                                                                                                        • Path: /
                                                                                                                                                                        • Destination Service: nginx
                                                                                                                                                                        • Destination Service Port: 80
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      4. Click OK.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Using kubectl to Configure a Certificate Created on the ELB Console
                                                                                                                                                                      To use an ELB certificate, you can specify the kubernetes.io/elb.tls-certificate-ids annotation.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                                                      • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                                                      • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                      2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                        vi ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                        
 
                                                                                                                                                                        For clusters of v1.21 or earlier:
                                                                                                                                                                        
 
                                                                                                                                                                        apiVersion: networking.k8s.io/v1beta1
 kind: Ingress 
@@ -250,25 +371,25 @@ spec:
               service:
                 name: <your_service_name>  # Replace it with the name of your target Service.
                 port: 
-                  number: 8080             # Replace 8080 with the port number of your target Service.
+                  number: 80             # Replace 80 with the port number of your target Service.
             property:
               ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
             pathType: ImplementationSpecific
   ingressClassName: cce
                                                                                                                                                                        
 
-
                                                                                                                                                                        Table 3 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
-
-
@@ -277,11 +398,82 @@ spec:
 
                                                                                                                                                                        Table 5 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Type
                                                                                                                                                                        
+
                                                                                                                                                                        Type
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                        
 
                                                                                                                                                                        String
                                                                                                                                                                        
+
                                                                                                                                                                        String
                                                                                                                                                                        
 
                                                                                                                                                                        ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                                        
+
                                                                                                                                                                        ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                                        
 
                                                                                                                                                                        If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                        
 
                                                                                                                                                                        To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
+
                                                                                                                                                                      3. Create an ingress.
                                                                                                                                                                        kubectl create -f ingress-test.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        ingress/ingress-test created
                                                                                                                                                                        
+
                                                                                                                                                                      4. Check the created ingress.
                                                                                                                                                                        kubectl get ingress
                                                                                                                                                                        
+
                                                                                                                                                                        If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                        
+
                                                                                                                                                                        NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                                                        
+
                                                                                                                                                                        5. 
+
+
                                                                                                                                                                        Configuring a Same Port for Multiple Ingresses
                                                                                                                                                                        In a cluster, multiple ingresses can share a listener, allowing them to use the same port on a single load balancer. When two ingresses are set up with HTTPS certificates, the server certificate that is used will be based on the configuration of the earliest ingress.
                                                                                                                                                                        
+
                                                                                                                                                                        Starting from v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, v1.29.1-r0, and later, the YAML file of ingresses includes annotation: kubernetes.io/elb.listener-master-ingress. This annotation specifies the server certificate configured and used by ingresses.
                                                                                                                                                                        
+
                                                                                                                                                                        For example, the configurations of two ingresses are as follows:
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Ingress Name
                                                                                                                                                                        
+
                                                                                                                                                                        ingress1
                                                                                                                                                                        
+
                                                                                                                                                                        ingress2
                                                                                                                                                                        
+
                                                                                                                                                                        Namespace
                                                                                                                                                                        
+
                                                                                                                                                                        default
                                                                                                                                                                        
+
                                                                                                                                                                        default
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Time
                                                                                                                                                                        
+
                                                                                                                                                                        2024-04-01
                                                                                                                                                                        
+
                                                                                                                                                                        2024-04-02
                                                                                                                                                                        
+
                                                                                                                                                                        Protocol
                                                                                                                                                                        
+
                                                                                                                                                                        HTTPS
                                                                                                                                                                        
+
                                                                                                                                                                        HTTPS
                                                                                                                                                                        
+
                                                                                                                                                                        Load Balancer
                                                                                                                                                                        
+
                                                                                                                                                                        elb1
                                                                                                                                                                        
+
                                                                                                                                                                        elb1
                                                                                                                                                                        
+
                                                                                                                                                                        Port
                                                                                                                                                                        
+
                                                                                                                                                                        443
                                                                                                                                                                        
+
                                                                                                                                                                        443
                                                                                                                                                                        
+
                                                                                                                                                                        kubernetes.io/elb.listener-master-ingress
                                                                                                                                                                        
+
                                                                                                                                                                        default/ingress1
                                                                                                                                                                        
+
                                                                                                                                                                        default/ingress1
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In the configurations of the two ingresses, annotation: kubernetes.io/elb.listener-master-ingress is present and the value is default/ingress1, indicating that the server certificates that take effect for the two ingresses are the server certificates configured for ingress1 in the default namespace.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        If ingresses in separate namespaces use the same listener and TLS certificates, the secrets associated with the TLS certificates may not display normal for the later-created ingress due to namespace isolation. 
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        To update a server certificate, modify the certificate in the ingress1 configuration within the default namespace. Once the modification is made, the certificates used by both ingress1 and ingress2 will be updated accordingly.
                                                                                                                                                                        
+
                                                                                                                                                                        To find the ingress with the active certificate configuration, run the following command:
                                                                                                                                                                        
+
                                                                                                                                                                        kubectl get ingress -n ${namespace} ${ingress_name}  -oyaml | grep kubernetes.io/elb.listener-master-ingress
                                                                                                                                                                        
 
                                                                                                                                                                        
 
 
 
diff --git a/docs/cce/umn/cce_10_0688.html b/docs/cce/umn/cce_10_0688.html
index 3175d489c..b1e6b1a2a 100644
--- a/docs/cce/umn/cce_10_0688.html
+++ b/docs/cce/umn/cce_10_0688.html
@@ -2,11 +2,66 @@
 
 
                                                                                                                                                                        Configuring SNI for a LoadBalancer Ingress
                                                                                                                                                                        
 
                                                                                                                                                                        An SNI certificate is an extended server certificate that allows the same IP address and port number to provide multiple access domain names for external systems. Different security certificates can be used based on the domain names requested by clients to ensure HTTPS communication security.
                                                                                                                                                                        
-
                                                                                                                                                                        When configuring SNI, you need to add a certificate associated with a domain name. The client submits the requested domain name information when initiating an SSL handshake request. After receiving the SSL request, the load balancer searches for the certificate based on the domain name. If the certificate is found, the load balancer will return it to the client. If the certificate is not found, the load balancer will return the default server certificate.
                                                                                                                                                                         
                                                                                                                                                                        • This function is supported only in clusters of v1.15.11 and later.
                                                                                                                                                                        • The SNI option is available only when HTTPS is used.
                                                                                                                                                                        
-
                                                                                                                                                                        • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                                                                        • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                                                                        
-
                                                                                                                                                                        
+
                                                                                                                                                                        When configuring SNI, you need to add a certificate associated with a domain name. The client submits the requested domain name information when initiating an SSL handshake request. After receiving the SSL request, the load balancer searches for the certificate based on the domain name. If the certificate is found, the load balancer will return it to the client. If the certificate is not found, the load balancer will return the default server certificate.
                                                                                                                                                                        
+
                                                                                                                                                                        You are allowed to use either of the following ways to configure an ingress certificate in a cluster:
                                                                                                                                                                        • Configuring SNI using a TLS certificate: You need to first import a certificate to a Secret. CCE will then automatically handle the certificate configurations on the ELB console and give a name to the certificate (started with k8s_plb_default). This certificate, which is generated by CCE, cannot be modified or deleted from the ELB console.
                                                                                                                                                                        • Configuring SNI using an ELB certificate: You are allowed to directly use certificates created on the ELB console. There is no need to manually configure the cluster Secrets, and you can modify the certificates on the ELB console.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        You can enable SNI when the preceding conditions are met. The following uses the automatic creation of a load balancer as an example. In this example, sni-test-secret-1 and sni-test-secret-2 are SNI certificates. The domain names specified by the certificates must be the same as those in the certificates.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console to Configure an SNI Certificate
                                                                                                                                                                         
                                                                                                                                                                        • The SNI option is available only when HTTPS is used.
                                                                                                                                                                        
+
                                                                                                                                                                        • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                                                                        • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                           
                                                                                                                                                                          This example explains only key parameters for configuring SNI certificates. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Example
                                                                                                                                                                          
+
                                                                                                                                                                          Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                          
+
                                                                                                                                                                          ingress-test
                                                                                                                                                                          
+
                                                                                                                                                                          Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Shared
                                                                                                                                                                          
+
                                                                                                                                                                          Listener
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: Select HTTPS when configuring a certificate for an ingress.
                                                                                                                                                                          • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                          • Certificate Source: Select TLS secret.
                                                                                                                                                                          • Server Certificate: kubernetes.io/tls and IngressTLS are supported.
                                                                                                                                                                            If no certificate is available, you can create a TLS certificate. For details about the configuration parameters, see Creating a Secret.
                                                                                                                                                                            
+
                                                                                                                                                                          • SNI: Enter a domain name and select a certificate. The SNI certificate must contain the domain name information. SNI certificates support two TLS secret types: kubernetes.io/tls and IngressTLS.
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTPS
                                                                                                                                                                          • External Port: 443
                                                                                                                                                                          • Certificate Source: TLS secret
                                                                                                                                                                          • Server Certificate: test
                                                                                                                                                                          • SNI:
                                                                                                                                                                            • Domain Name: example.com
                                                                                                                                                                            • Certificate: example-test
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: example.com
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl to Configure an SNI Certificate
                                                                                                                                                                         
                                                                                                                                                                        • The SNI option is available only when HTTPS is used.
                                                                                                                                                                        
+
                                                                                                                                                                        • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                                                                        • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the sni-test-secret SNI certificate is used as an example. The specified domain name must be the same as that of the SNI certificate.
                                                                                                                                                                        
+
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          An example YAML file of an ingress associated with an automatically created load balancer is as follows:
                                                                                                                                                                          
 
                                                                                                                                                                          For clusters of v1.21 or earlier:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1beta1
 kind: Ingress 
 metadata: 
@@ -34,13 +89,10 @@ spec:
   tls: 
   - secretName: ingress-test-secret
   - hosts:
-      - example.top  # Domain name specified when a certificate is issued
-    secretName: sni-test-secret-1  
-  - hosts:
       - example.com  # Domain name specified when a certificate is issued
-    secretName: sni-test-secret-2
+    secretName: sni-test-secret   #SNI certificate
   rules: 
-  - host: example.com
+  - host: example.com   #The domain name must be the same as the value of hosts in the tls field.
     http: 
       paths: 
       - path: '/'
@@ -73,16 +125,13 @@ metadata:
        }'
     kubernetes.io/elb.tls-ciphers-policy: tls-1-2
 spec:
-  tls: 
-  - secretName: ingress-test-secret
-  - hosts:
-      - example.top  # Domain name specified when a certificate is issued
-    secretName: sni-test-secret-1  
-  - hosts:
+  tls: 
+  - secretName: ingress-test-secret 
+  - hosts:
       - example.com  # Domain name specified when a certificate is issued
-    secretName: sni-test-secret-2
+    secretName: sni-test-secret #SNI certificate
   rules: 
-  - host: example.com
+  - host: example.com   #The domain name must be the same as the value of hosts in the tls field.
     http: 
       paths: 
       - path: '/'
@@ -90,16 +139,160 @@ spec:
           service:
             name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: 80             # Replace 80 with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce 
                                                                                                                                                                          
 
                                                                                                                                                                          
+
                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
+
                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME           CLASS  HOSTS          ADDRESS          PORTS   AGE
+ingress-test   cce    example.com    121.**.**.**     80,443  10s
                                                                                                                                                                          
+
                                                                                                                                                                        5. Use HTTPS to access the ingress. ${ELB_IP} specifies the IP address accessed by the target ingress.
                                                                                                                                                                          curl -H "Host:example.com" -k https://${ELB_IP}:443 
                                                                                                                                                                          
+
                                                                                                                                                                          If the ingress can be accessed, the certificate is configured.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console to Configure an SNI Certificate Created on the ELB Console
                                                                                                                                                                         
                                                                                                                                                                        • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                                                        • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                                                        • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                           
                                                                                                                                                                          This example explains only key parameters for configuring SNI certificates. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 2 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Example
                                                                                                                                                                          
+
                                                                                                                                                                          Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                          
+
                                                                                                                                                                          ingress-test
                                                                                                                                                                          
+
                                                                                                                                                                          Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Shared
                                                                                                                                                                          
+
                                                                                                                                                                          Listener
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: Select HTTPS.
                                                                                                                                                                          • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                          • Certificate Source: Select ELB server certificate.
                                                                                                                                                                          • Server Certificate: Use a certificate created on ELB.
                                                                                                                                                                            If no certificate is available, go to the ELB console and create one.
                                                                                                                                                                            
+
                                                                                                                                                                          • SNI: Select the corresponding SNI certificate, which must contain the domain name information.
                                                                                                                                                                            If no certificate is available, go to the ELB console and create one.
                                                                                                                                                                            
+
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTPS
                                                                                                                                                                          • External Port: 443
                                                                                                                                                                          • Certificate Source: ELB server certificate
                                                                                                                                                                          • Server Certificate: cert-test
                                                                                                                                                                          • SNI: cert-example
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl to Configure an SNI Certificate Created on the ELB Console
                                                                                                                                                                        To use an ELB certificate for an ingress, you can specify the kubernetes.io/elb.tls-certificate-ids annotation.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        • If both an ELB certificate and a TLS certificate are specified for the same ingress, the ingress will use the ELB certificate.
                                                                                                                                                                        • CCE does not check whether an ELB certificate is valid. It only checks whether the certificate is present.
                                                                                                                                                                        • Only ingresses in clusters of v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later support ELB certificates.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.21 or earlier:
                                                                                                                                                                          
+
                                                                                                                                                                          apiVersion: networking.k8s.io/v1beta1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.id: 0b9a6c4d-bd8b-45cc-bfc8-ff0f9da54e95
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.tls-certificate-ids: 058cc023690d48a3867ad69dbe9cd6e5,b98382b1f01c473286653afd1ed9ab63
+spec:
+  rules: 
+  - host: ''
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.23 or later:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-test
+  namespace: default
+  annotations:
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.id: 0b9a6c4d-bd8b-45cc-bfc8-ff0f9da54e95
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.tls-certificate-ids: 058cc023690d48a3867ad69dbe9cd6e5,b98382b1f01c473286653afd1ed9ab63
+spec:
+  rules:
+    - host: ''
+      http:
+        paths:
+          - path: '/'
+            backend:
+              service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+                port: 
+                  number: 80             # Replace 80 with the port number of your target Service.
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+  ingressClassName: cce
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 3 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                                          
+
                                                                                                                                                                          If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                          
+
                                                                                                                                                                          To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
+
                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                                                          
+
                                                                                                                                                                        5. Use HTTPS to access the ingress. ${ELB_IP} specifies the IP address accessed by the target ingress.
                                                                                                                                                                          curl -H "Host:example.com" -k https://${ELB_IP}:443 
                                                                                                                                                                          
+
                                                                                                                                                                          If the ingress can be accessed, the certificate is configured.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0689.html b/docs/cce/umn/cce_10_0689.html
index 2069789a2..033b78d07 100644
--- a/docs/cce/umn/cce_10_0689.html
+++ b/docs/cce/umn/cce_10_0689.html
@@ -1,41 +1,157 @@
 
 
-
                                                                                                                                                                        Routing a LoadBalancer Ingress to Multiple Services
                                                                                                                                                                        
-
                                                                                                                                                                        Ingresses can route to multiple backend Services based on different matching policies. The spec field in the YAML file is set as below. You can access www.example.com/foo, www.example.com/bar, and foo.example.com/ to route to three different backend Services.
                                                                                                                                                                        
+
                                                                                                                                                                        Configuring Multiple Forwarding Policies for a LoadBalancer Ingress
                                                                                                                                                                        
+
                                                                                                                                                                        An ingress can route requests to multiple backend Services based on different matching policies. For example, requests can be routed to three different backend Services separately by accessing www.example.com/foo, www.example.com/bar, and foo.example.com/.
                                                                                                                                                                        
 
                                                                                                                                                                         
                                                                                                                                                                        The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                                                                                        
 
                                                                                                                                                                        For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        ...
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                           
                                                                                                                                                                          This example explains only key parameters for configuring forwarding policies. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Example
                                                                                                                                                                          
+
                                                                                                                                                                          Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                          
+
                                                                                                                                                                          ingress-test
                                                                                                                                                                          
+
                                                                                                                                                                          Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Shared
                                                                                                                                                                          
+
                                                                                                                                                                          Listener
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTP and HTTPS are available.
                                                                                                                                                                          • External Port: specifies the port of the load balancer listener.
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTP
                                                                                                                                                                          • External Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding rule 1:
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: www.example.com
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /foo
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding rule 2:
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: www.example.com
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /bar
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding rule 3:
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: foo.example.com
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.23 or later:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.id: <your_elb_id>  #Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.class: performance  # Load balancer type
+    kubernetes.io/elb.port: '80'
 spec:
   rules: 
-  - host: 'www.example.com'
+  - host: 'www.example.com'
     http: 
       paths: 
-      - path: '/foo'
+      - path: '/foo'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 80             # Replace 80 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+      - path: '/bar'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 80             # Replace 80 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  - host: 'foo.example.com'
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 80             # Replace 80 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  ingressClassName: cce               
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.21 or earlier:
                                                                                                                                                                          
+
                                                                                                                                                                          apiVersion: networking.k8s.io/v1beta1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: <your_elb_id>  #Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.class: performance  # Load balancer type
+spec:
+  rules: 
+  - host: 'www.example.com'
+    http: 
+      paths: 
+      - path: '/foo'
         backend: 
           serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-      - path: '/bar'
+      - path: '/bar'
         backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-  - host: 'foo.example.com'
+  - host: 'foo.example.com'
     http:
       paths:
-      - path: '/'
+      - path: '/'
         backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                          
+
                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
+
                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME           CLASS  HOSTS                               ADDRESS          PORTS   AGE
+ingress-test   cce    www.example.com,foo.example.com     121.**.**.**     80      10s
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0691.html b/docs/cce/umn/cce_10_0691.html
index 4f3203eac..9b16575bc 100644
--- a/docs/cce/umn/cce_10_0691.html
+++ b/docs/cce/umn/cce_10_0691.html
@@ -3,9 +3,58 @@
 
                                                                                                                                                                        Configuring HTTPS Backend Services for a LoadBalancer Ingress
                                                                                                                                                                        
 
                                                                                                                                                                        Ingresses can interconnect with backend services of different protocols. By default, the backend proxy channel of an ingress is HTTP-compliant. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                                                                        
 
                                                                                                                                                                        kubernetes.io/elb.pool-protocol: https
                                                                                                                                                                        
-
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • This function is available only in clusters of v1.23.8, v1.25.3, or later.
                                                                                                                                                                        • Ingresses can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                                                                        • When an ingress interconnects with an HTTPS backend service, the ingress protocol must be HTTPS.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.8-r0 or later
                                                                                                                                                                          • v1.25: v1.25.3-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                        • You can obtain a trusted certificate from a certificate provider. 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Configuration Example
                                                                                                                                                                        An ingress configuration example is as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • Ingresses can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                                                                        • When an ingress interconnects with an HTTPS backend service, the ingress protocol must be HTTPS.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console to Configure an HTTPS Backend Service
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                           
                                                                                                                                                                          This example explains only key parameters for configuring HTTPS backend Services. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Example
                                                                                                                                                                          
+
                                                                                                                                                                          Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                          
+
                                                                                                                                                                          ingress-test
                                                                                                                                                                          
+
                                                                                                                                                                          Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer. In this example, only dedicated load balancers are supported.
                                                                                                                                                                          
+
                                                                                                                                                                          Dedicated
                                                                                                                                                                          
+
                                                                                                                                                                          Listener
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: Select HTTPS for an HTTPS backend Service for an ingress.
                                                                                                                                                                          • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                          • Certificate Source: Select ELB server certificate.
                                                                                                                                                                          • Server Certificate: Use a certificate created on ELB.
                                                                                                                                                                            If no certificate is available, go to the ELB console and create one.
                                                                                                                                                                            
+
                                                                                                                                                                          • Backend Protocol: Select HTTPS.
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTPS
                                                                                                                                                                          • External Port: 443
                                                                                                                                                                          • Certificate Source: ELB server certificate
                                                                                                                                                                          • Server Certificate: cert-test
                                                                                                                                                                          • Backend Protocol: HTTPS
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl to Configure an HTTPS Backend Service
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                          
 
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -34,11 +83,19 @@ spec:
               ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
             pathType: ImplementationSpecific
   ingressClassName: cce
                                                                                                                                                                          
+
                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
+
                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                                                          
+
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0692.html b/docs/cce/umn/cce_10_0692.html
index 18abbbb3d..155112913 100644
--- a/docs/cce/umn/cce_10_0692.html
+++ b/docs/cce/umn/cce_10_0692.html
@@ -8,17 +8,13 @@
 
 
                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0693.html b/docs/cce/umn/cce_10_0693.html
index a740bcf7e..50d60ac7e 100644
--- a/docs/cce/umn/cce_10_0693.html
+++ b/docs/cce/umn/cce_10_0693.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                        Configuring an HTTPS Certificate for an Nginx Ingress
                                                                                                                                                                        
 
                                                                                                                                                                        HTTPS certificates can be configured for ingresses to provide security services.
                                                                                                                                                                        
 
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                                                                                                          Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
                                                                                                                                                                          
-
                                                                                                                                                                          vi ingress-test-secret.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          vi ingress-test-secret.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          The YAML file is configured as follows:
                                                                                                                                                                          apiVersion: v1
 data:
   tls.crt: LS0******tLS0tCg==
@@ -18,15 +18,15 @@ metadata:
 
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        3. Create a secret.
                                                                                                                                                                          kubectl create -f ingress-test-secret.yaml
                                                                                                                                                                          
+
                                                                                                                                                                        4. Create a secret.
                                                                                                                                                                          kubectl create -f ingress-test-secret.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                          
 
                                                                                                                                                                          secret/ingress-test-secret created
                                                                                                                                                                          
-
                                                                                                                                                                          View the created secret.
                                                                                                                                                                          
-
                                                                                                                                                                          kubectl get secrets
                                                                                                                                                                          
+
                                                                                                                                                                          Check the created secret.
                                                                                                                                                                          
+
                                                                                                                                                                          kubectl get secrets
                                                                                                                                                                          
 
                                                                                                                                                                          If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                          
 
                                                                                                                                                                          NAME                         TYPE                                  DATA      AGE
 ingress-test-secret          IngressTLS                            2         13s
                                                                                                                                                                          
-
                                                                                                                                                                        5. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                        6. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          For clusters of v1.23 or later:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -73,20 +73,19 @@ spec:
           servicePort: <your_service_port>  # Replace it with the port number of your target Service.
   ingressClassName: nginx
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                        7. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
-
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created.
                                                                                                                                                                          
+
                                                                                                                                                                        8. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
 
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
-
                                                                                                                                                                          View the created ingress.
                                                                                                                                                                          
-
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
-
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                                                                          
-
                                                                                                                                                                          NAME             HOSTS     ADDRESS          PORTS   AGE
-ingress-test     *         121.**.**.**     80      10s
                                                                                                                                                                          
+
                                                                                                                                                                        9. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
+ingress-test  nginx   *         121.**.**.**     80      10s
                                                                                                                                                                          
 
                                                                                                                                                                        10. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                                                          121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0694.html b/docs/cce/umn/cce_10_0694.html
index 29bd566ce..b07f29c2f 100644
--- a/docs/cce/umn/cce_10_0694.html
+++ b/docs/cce/umn/cce_10_0694.html
@@ -1,11 +1,60 @@
 
 
 
                                                                                                                                                                        Configuring HTTP/2 for a LoadBalancer Ingress
                                                                                                                                                                        
-
                                                                                                                                                                        Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.x by default. If your application is capable of receiving HTTP/2 requests, you can add the following field to the ingress annotation to enable the use of HTTP/2:
                                                                                                                                                                        
+
                                                                                                                                                                        Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.x by default. If your application is capable of receiving HTTP/2 requests, you can add the following configuration to the annotation to enable the use of HTTP/2:
                                                                                                                                                                        
 
                                                                                                                                                                        kubernetes.io/elb.http2-enable: 'true'
                                                                                                                                                                        
-
                                                                                                                                                                         
                                                                                                                                                                        • An HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                                                        • This function is available in clusters of version v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, or v1.28.3-r0.
                                                                                                                                                                        • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                        
+
                                                                                                                                                                        Prerequisites
                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                          • v1.23: v1.23.13-r0 or later
                                                                                                                                                                          • v1.25: v1.25.8-r0 or later
                                                                                                                                                                          • v1.27: v1.27.5-r0 or later
                                                                                                                                                                          • v1.28: v1.28.3-r0 or later
                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                          
+
                                                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                        • You can obtain a trusted certificate from a certificate provider. 
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                        • Only an HTTPS-compliant load balancer supports HTTP/2.
                                                                                                                                                                        • After HTTP/2 is configured, if you delete the advanced configuration for enabling HTTP/2 on the CCE console or delete the target annotation from the YAML file, HTTP/2 will be disabled on the ELB.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using the CCE Console to Configure HTTP/2
                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                        2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                           
                                                                                                                                                                          This example explains only key parameters for configuring HTTP/2. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          The following shows an example YAML file where an existing load balancer is associated:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Example
                                                                                                                                                                          
+
                                                                                                                                                                          Name
                                                                                                                                                                          
+
                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                          
+
                                                                                                                                                                          ingress-test
                                                                                                                                                                          
+
                                                                                                                                                                          Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Shared
                                                                                                                                                                          
+
                                                                                                                                                                          Listener
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: Select HTTPS.
                                                                                                                                                                          • External Port: specifies the port of the load balancer listener. The default HTTPS port is 443.
                                                                                                                                                                          • Certificate Source: Select ELB server certificate.
                                                                                                                                                                          • Server Certificate: Use a certificate created on ELB.
                                                                                                                                                                            If no certificate is available, go to the ELB console and create one.
                                                                                                                                                                            
+
                                                                                                                                                                          • Advanced Options: Add advanced configurations, select HTTP2, and set its status to Enable.
                                                                                                                                                                          
+
                                                                                                                                                                          • External Protocol: HTTPS
                                                                                                                                                                          • External Port: 443
                                                                                                                                                                          • Certificate Source: ELB server certificate
                                                                                                                                                                          • Server Certificate: cert-test
                                                                                                                                                                          • Advanced Options: HTTP2 enabled
                                                                                                                                                                          
+
                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                          
+
                                                                                                                                                                          • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                          • Path: /
                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                        4. Click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Using kubectl to Configure HTTP/2
                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -26,30 +75,30 @@ spec:
           service:
             name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: 80             # Replace 80 with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
-
                                                                                                                                                                          Table 1 HTTP/2 parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          
-
-
-
-
-
-
-
                                                                                                                                                                          Table 2 HTTP/2 parameters
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.http2-enable
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.http2-enable
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                          
+
                                                                                                                                                                          Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                          
 
                                                                                                                                                                          Options:
                                                                                                                                                                          
 
                                                                                                                                                                          • true: enabled
                                                                                                                                                                          • false: disabled (default value)
                                                                                                                                                                          
 
                                                                                                                                                                          Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                                          
@@ -58,10 +107,19 @@ spec:
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
+
                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                          
+
                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                          
+
                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                          
+
                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80,443  10s
                                                                                                                                                                          
+
                                                                                                                                                                          5. 
+
 
 
 
diff --git a/docs/cce/umn/cce_10_0695.html b/docs/cce/umn/cce_10_0695.html
index bfd297f62..f376347d2 100644
--- a/docs/cce/umn/cce_10_0695.html
+++ b/docs/cce/umn/cce_10_0695.html
@@ -1,213 +1,270 @@
 
 
-
                                                                                                                                                                          Configuring a LoadBalancer Ingress Using Annotations
                                                                                                                                                                          
+
                                                                                                                                                                          Annotations for Configuring LoadBalancer Ingresses
                                                                                                                                                                          
 
                                                                                                                                                                          You can add annotations to a YAML file for more advanced ingress functions. This section describes the annotations that can be used when you create a LoadBalancer ingress.
                                                                                                                                                                          
-
-
                                                                                                                                                                          Interconnection with ELB
                                                                                                                                                                          
-
                                                                                                                                                                          Table 1 Annotations for interconnecting with ELB
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Indexes
                                                                                                                                                                          
+
                                                                                                                                                                          
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Category
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
-
                                                                                                                                                                          Description
                                                                                                                                                                          
-
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Ingress Annotation
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.class
                                                                                                                                                                          
+
                                                                                                                                                                          Load balancer configuration
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+                                                                                                                                                                          		
 
                                                                                                                                                                          Select a proper load balancer type.
                                                                                                                                                                          
+
                                                                                                                                                                          Port or protocol configuration
                                                                                                                                                                          
+                                                                                                                                                                          		
+
                                                                                                                                                                          Advanced features of ELB listeners
                                                                                                                                                                          
+                                                                                                                                                                          		
+
                                                                                                                                                                          Forwarding policy
                                                                                                                                                                          
+                                                                                                                                                                          		
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Basic Configurations for Interconnecting with ELB
                                                                                                                                                                          Application scenarios and use cases:
+
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                          Table 1 Annotations for interconnecting with ELB
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.class
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Select a proper load balancer type.
                                                                                                                                                                          
 
                                                                                                                                                                          • union: shared load balancer
                                                                                                                                                                          • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/ingress.class
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/ingress.class
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          • cce: A proprietary LoadBalancer ingress is used.
                                                                                                                                                                          • nginx: Nginx Ingress is used.
                                                                                                                                                                          
+
                                                                                                                                                                          • cce: A proprietary LoadBalancer ingress is used.
                                                                                                                                                                          • nginx: Nginx Ingress is used.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                                                                          
-
                                                                                                                                                                          For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Using kubectl to Create a LoadBalancer Ingress.
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Creating a LoadBalancer Ingress Using kubectl.
                                                                                                                                                                          
 
                                                                                                                                                                          Only clusters of v1.21 or earlier
                                                                                                                                                                          
+
                                                                                                                                                                          Only clusters of v1.21 or earlier
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.port
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.port
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                                                                          
 
                                                                                                                                                                          The value ranges from 1 to 65535.
                                                                                                                                                                          
 
                                                                                                                                                                           NOTE: 
                                                                                                                                                                          Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.id
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.id
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                          
 
                                                                                                                                                                          ID of a load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          How to obtain:
                                                                                                                                                                          
 
                                                                                                                                                                          On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.ip
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.ip
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                          
 
                                                                                                                                                                          Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.autocreate
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.autocreate
                                                                                                                                                                          
 
                                                                                                                                                                          Table 10 Object
                                                                                                                                                                          
+
                                                                                                                                                                          Table 14 Object
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory when load balancers are automatically created.
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory when load balancers are automatically created.
                                                                                                                                                                          
 
                                                                                                                                                                          Example
                                                                                                                                                                          
-
                                                                                                                                                                          • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                            '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                                                            
-
                                                                                                                                                                          • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                            
+
                                                                                                                                                                            • Automatically created shared load balancer with an EIP bound:
                                                                                                                                                                              '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                                                              
+
                                                                                                                                                                            • Automatically created shared load balancer with no EIP bound:
                                                                                                                                                                              {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                              
 
                                                                                                                                                                            
 
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.9 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.subnet-id
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.subnet-id
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Optional when load balancers are automatically created.
                                                                                                                                                                          
+
                                                                                                                                                                          Optional when load balancers are automatically created.
                                                                                                                                                                          
 
                                                                                                                                                                          ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                                                          
-
                                                                                                                                                                          • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                                          • Optional for clusters later than v1.11.7-r0.
                                                                                                                                                                          
+
                                                                                                                                                                          • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                                          • Optional for clusters of a version later than v1.11.7-r0.
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory for clusters earlier than v1.11.7-r0
                                                                                                                                                                          
-
                                                                                                                                                                          Discarded in clusters later than v1.11.7-r0
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory for clusters earlier than v1.11.7-r0
                                                                                                                                                                          
+
                                                                                                                                                                          Discarded in clusters of a version later than v1.11.7-r0
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          The following shows how to use the preceding annotations:
 
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          Using HTTP/2
                                                                                                                                                                          
-
                                                                                                                                                                          Table 2 Annotations of using HTTP/2
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring ELB Certificates
                                                                                                                                                                          For details about application scenarios and use cases, see Using kubectl to Configure a Certificate Created on the ELB Console.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
+
+
+
+
                                                                                                                                                                          Table 2 ELB certificate annotations
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.http2-enable
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                          
+
                                                                                                                                                                          ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                                          
+
                                                                                                                                                                          To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                          
+
                                                                                                                                                                          v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Adding Resource Tags
                                                                                                                                                                          For details about application scenarios and use cases, see Automatically Creating a Load Balancer While Creating an Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 3 Annotations
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.tags
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Add resource tags to a load balancer. This parameter can be configured only when a load balancer is automatically created.
                                                                                                                                                                          
+
                                                                                                                                                                          A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Using HTTP/2
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring HTTP/2 for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
-
                                                                                                                                                                          Table 4 Annotations for using HTTP/2
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.http2-enable
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP/1.x to forward requests to the backend server.
                                                                                                                                                                          
 
                                                                                                                                                                          Options:
                                                                                                                                                                          
 
                                                                                                                                                                          • true: enabled
                                                                                                                                                                          • false: disabled (default value)
                                                                                                                                                                          
 
                                                                                                                                                                          Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Configuring HTTP/2 for a LoadBalancer Ingress.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Configuring ELB Certificates
                                                                                                                                                                          
-
                                                                                                                                                                          Table 3 ELB certificate annotations
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Interconnecting with HTTPS Backend Services
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring HTTPS Backend Services for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
-
                                                                                                                                                                          Table 5 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.tls-certificate-ids
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.pool-protocol
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          ELB certificate IDs, which are separated by comma (,). The list length is greater than or equal to 1. The first ID in the list is the server certificate, and the other IDs are SNI certificates in which a domain name must be contained.
                                                                                                                                                                          
-
                                                                                                                                                                          To obtain the certificate, log in to the CCE console, choose Service List > Networking > Elastic Load Balance, and click Certificates in the navigation pane. In the load balancer list, copy the ID under the target certificate name.
                                                                                                                                                                          
+
                                                                                                                                                                          To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.19.16-r2, v1.21.5-r0, v1.23.3-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.8, v1.25.3, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Using the ELB Certificate.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Interconnecting with HTTPS Backend Services
                                                                                                                                                                          
-
                                                                                                                                                                          Table 4 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring Timeout for an Ingress
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring Timeout for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                          Table 6 Annotations for configuring timeout of an ingress
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.pool-protocol
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                                                          
-
                                                                                                                                                                          v1.23.8, v1.25.3, or later
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Configuring HTTPS Backend Services for a LoadBalancer Ingress.
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          Configuring Timeout for an Ingress
                                                                                                                                                                          
-
                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
                                                                                                                                                                          Table 5 Annotations of configuring ingress redirection rules
                                                                                                                                                                          Parameter
                                                                                                                                                                          
-
                                                                                                                                                                          Type
                                                                                                                                                                          
-
                                                                                                                                                                          Description
                                                                                                                                                                          
-
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
-
                                                                                                                                                                          kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                          
-
                                                                                                                                                                          String
                                                                                                                                                                          
-
                                                                                                                                                                          Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                          
+
                                                                                                                                                                          Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                          
 
                                                                                                                                                                          Value:
                                                                                                                                                                          
 
                                                                                                                                                                          • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                                          • For HTTP or HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                                                          
 
                                                                                                                                                                          For UDP listeners, this parameter does not take effect.
                                                                                                                                                                          
 
                                                                                                                                                                          Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                                          
+
                                                                                                                                                                          Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                                          
 
                                                                                                                                                                          Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.client_timeout
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.client_timeout
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                          
+
                                                                                                                                                                          Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                          
 
                                                                                                                                                                          • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                          • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                          
 
                                                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                                                          
@@ -215,334 +272,399 @@
 
                                                                                                                                                                          Maximum value: 300
                                                                                                                                                                          
 
                                                                                                                                                                          Default value: 60
                                                                                                                                                                          
 
                                                                                                                                                                          Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                                          
-
                                                                                                                                                                          Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                                          
-                                                                                                                                                                          		
 
                                                                                                                                                                          kubernetes.io/elb.member_timeout
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.member_timeout
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                          
+
                                                                                                                                                                          Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                          
 
                                                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for HTTP and HTTPS listeners.
                                                                                                                                                                          
 
                                                                                                                                                                          Minimum value: 1
                                                                                                                                                                          
 
                                                                                                                                                                          Maximum value: 300
                                                                                                                                                                          
 
                                                                                                                                                                          Default value: 60
                                                                                                                                                                          
 
                                                                                                                                                                          Dedicated load balancers: v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, or later
                                                                                                                                                                          
-
                                                                                                                                                                          Shared load balancers: v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring a Slow Start
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring a Slow Start for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 7 Annotations for configuring a slow start
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.slowstart
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Duration of slow start, in seconds.
                                                                                                                                                                          
+
                                                                                                                                                                          The slow start duration ranges from 30 to 1200.
                                                                                                                                                                          
+
                                                                                                                                                                          • This configuration applies only to dedicated load balancers.
                                                                                                                                                                          • Valid only when the allocation policy of the target Service is weighted round robin (WRR) and sticky session is disabled.
                                                                                                                                                                          
+
                                                                                                                                                                           NOTE: 
                                                                                                                                                                          The load balancer linearly increases the proportion of requests to backend servers in slow start mode. When the configured slow start duration elapses, the load balancer sends full share of requests to backend servers and exits the slow start mode.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23 or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Configuring Timeout for a LoadBalancer Ingress.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Adding Resource Tags
                                                                                                                                                                          
-
                                                                                                                                                                          Table 6 Annotations
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Blocklist/Trustlist
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                          Table 8 Annotations for ELB access control
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.tags
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.acl-id
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Add resource tags to a load balancer. This parameter can be configured only when a load balancer is automatically created.
                                                                                                                                                                          
-
                                                                                                                                                                          A tag is in the format of "key=value". Use commas (,) to separate multiple tags.
                                                                                                                                                                          
-
                                                                                                                                                                          v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Creating an Ingress - Automatically Creating a Load Balancer.
                                                                                                                                                                          
-
                                                                                                                                                                          
-
                                                                                                                                                                          Blocklist/Trustlist
                                                                                                                                                                          
-
                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                          Table 7 Annotations for ELB access control
                                                                                                                                                                          Parameter
                                                                                                                                                                          
-
                                                                                                                                                                          Type
                                                                                                                                                                          
-
                                                                                                                                                                          Description
                                                                                                                                                                          
-
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
-
                                                                                                                                                                          kubernetes.io/elb.acl-id
                                                                                                                                                                          
-
                                                                                                                                                                          String
                                                                                                                                                                          
-
                                                                                                                                                                          • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                          • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                          • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                            How to obtain:
                                                                                                                                                                            
+
                                                                                                                                                                          • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                          • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                          • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                            How to obtain:
                                                                                                                                                                            
 
                                                                                                                                                                            Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                            
 
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.acl-status
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.acl-status
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                          
+
                                                                                                                                                                          Access control status. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                          
 
                                                                                                                                                                          • on: Access control is enabled.
                                                                                                                                                                          • off: Access control is disabled.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          kubernetes.io/elb.acl-type
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.acl-type
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                          
+
                                                                                                                                                                          IP address list type. This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                          
 
                                                                                                                                                                          • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                                          • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.12-r0, v1.25.7-r0, v1.27.4-r0, v1.28.2-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Configuring a Custom Listening Port
                                                                                                                                                                          A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring a Range of Listening Ports
                                                                                                                                                                          A custom listening port can be configured for an ingress. In this way, both ports 80 and 443 can be exposed.
                                                                                                                                                                          
 
-
                                                                                                                                                                          Table 8 Annotations for a custom listening port
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          
-
-
-
-
-
-
-
                                                                                                                                                                          Table 9 Annotations for a custom listening port
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.listen-ports
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.listen-ports
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Create multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                                          
+
                                                                                                                                                                          Configure multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                                          
 
                                                                                                                                                                          The following is an example for JSON characters:
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
                                                                                                                                                                          
-
                                                                                                                                                                          • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                                          • Only newly created ingresses are allowed. Additionally, after multiple listening ports are configured, annotations cannot be modified or deleted.
                                                                                                                                                                          • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                                          • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports.
                                                                                                                                                                          • Advanced forwarding policies are not supported.
                                                                                                                                                                          
+
                                                                                                                                                                          • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                                          • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified or deleted.
                                                                                                                                                                          • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                                          • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For example, if an existing ELB is used, the configuration is as follows:
                                                                                                                                                                          
-
                                                                                                                                                                          apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/elb.id: 2c623150-17bf-45f1-ae6f-384b036f547e     # ID of an existing load balancer
-    kubernetes.io/elb.class: performance    # Load balancer type
-    kubernetes.io/elb.listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'    # Multi-listener configuration
-    kubernetes.io/elb.tls-certificate-ids: 6cfb43c9de1a41a18478b868e34b0a82,6cfb43c9de1a41a18478b868e34b0a82   # HTTPS certificate configuration
-  name: test-https
-  namespace: default
-spec:
-  ingressClassName: cce
-  rules:
-  - host: example.com
-    http:
-      paths:
-      - backend:
-          service:
-            name: test
-            port:
-              number: 8888
-        path: /
-        pathType: ImplementationSpecific
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                          
 
-
                                                                                                                                                                          Configuring a Custom Header Forwarding Policy
                                                                                                                                                                          
-
                                                                                                                                                                          Table 9 Annotations for configuring a custom header forwarding policy
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring the Priorities of Forwarding Rules
                                                                                                                                                                          When ingresses use the same load balancer listener, forwarding rules can be prioritized based on the following rules:
                                                                                                                                                                          
+
                                                                                                                                                                          • Forwarding rules of different ingresses: The rules are sorted based on the priorities (ranging from 1 to 1000) of the kubernetes.io/elb.ingress-order annotation. A smaller value indicates a higher priority.
                                                                                                                                                                          • Forwarding rules of an ingress: If the kubernetes.io/elb.rule-priority-enabled annotation is set to true, the forwarding rules are sorted based on the sequence in which they are added during ingress creation. A forwarding rule added earlier indicates a higher priority. If the kubernetes.io/elb.rule-priority-enabled annotation is not configured, the default sorting of the forwarding rules on the load balancer will be used.
                                                                                                                                                                          
+
                                                                                                                                                                          If the preceding annotations are not configured, the default sorting of the forwarding rules on the load balancer will be used, regardless of whether the forwarding rules are of the same ingress or different ingresses under the same load balancer listener.
                                                                                                                                                                          
+
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 10 Annotations for configuring the priorities of forwarding rules
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.ingress-order
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                                          
+
                                                                                                                                                                          Specifies the sequence of forwarding rules of different ingresses. The value ranges from 1 to 1000. A smaller value indicates a higher priority. The priority of a forwarding rule must be unique under the same load balancer listener.
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
+
                                                                                                                                                                           NOTE: 
                                                                                                                                                                          When this annotation is configured, the kubernetes.io/elb.rule-priority-enabled annotation is enabled by default. The forwarding rules of each ingress will be sorted.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.15-r0, v1.25.10-r0, v1.27.7-r0, v1.28.5-r0, v1.29.1-r10, or later
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.rule-priority-enabled
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter can only be set to true, indicating to sort the forwarding rules of an ingress. The priorities of the forwarding rules are determined based on the sequence in which they are added during ingress creation. A forwarding rule added earlier indicates a higher priority.
                                                                                                                                                                          
+
                                                                                                                                                                          If this parameter is not configured, the default sorting of the forwarding rules on the load balancer will be used. After this parameter is enabled, it cannot be disabled.
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring a Custom Header Forwarding Policy
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
-
                                                                                                                                                                          Table 11 Annotations for configuring a custom header forwarding policy
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                                          
 
                                                                                                                                                                          Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                                                          
 
                                                                                                                                                                          • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                                                            Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                                                            
 
                                                                                                                                                                            Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                                                            
 
                                                                                                                                                                          • Either a custom header or grayscale release can be configured.
                                                                                                                                                                          • Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                                                          
 
                                                                                                                                                                          v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
                                                                                                                                                                           
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details, see Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Parameters for Automatically Creating a Load Balancer
                                                                                                                                                                          
-
                                                                                                                                                                          Table 10 elb.autocreate data structure
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring a Custom EIP
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring a Custom EIP for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
-
-
-
-
-
-
-
+
+
+
                                                                                                                                                                          Table 12 Annotations of custom EIP configurations
                                                                                                                                                                          Parameter
                                                                                                                                                                          
 
                                                                                                                                                                          Mandatory
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
 
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
 
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          name
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.custom-eip-id
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          ID of the custom EIP, which can be seen on the EIP console
                                                                                                                                                                          
+
                                                                                                                                                                          The EIP must be bindable.
                                                                                                                                                                          
 
                                                                                                                                                                          Name of the automatically created load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.18-r0, v1.25.13-r0, v1.27.10-r0, v1.28.8-r0, v1.29.4-r0, v1.30.1-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Configuring Advanced Forwarding Rules
                                                                                                                                                                          For details about application scenarios and use cases, see Configuring Advanced Forwarding Rules for a LoadBalancer Ingress.
                                                                                                                                                                          
+
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                          Table 13 Annotations for writing or deleting a header
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                          
+
                                                                                                                                                                          kubernetes.io/elb.conditions.${svc_name}
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which contains a maximum of 51 characters.
                                                                                                                                                                          
+
                                                                                                                                                                          If the annotation value is set to [], the advanced forwarding rule is deleted.
                                                                                                                                                                          
+
                                                                                                                                                                          The annotation value is in the form of a JSON array. For details, see Table 2.
                                                                                                                                                                          
+
                                                                                                                                                                           NOTICE: 
                                                                                                                                                                          • Due to ELB API restrictions, a kubernetes.io/elb.conditions.{svcName} can contain a maximum of 10 key-value pairs.
                                                                                                                                                                          • The rules in a condition array are connected by an AND relationship, while the values in the same rule block are connected by an OR relationship. For example, if both Method and QueryString are configured, the target traffic can be distributed only when both rules are met. However, if the Method value is GET or POST, the target traffic can be distributed only when both rules are met and the Method value must be GET or POST.
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          
+
                                                                                                                                                                          Parameters for Automatically Creating a Load Balancer
                                                                                                                                                                          
+
                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0697.html b/docs/cce/umn/cce_10_0697.html
index c0c5a2cb2..bc422b283 100644
--- a/docs/cce/umn/cce_10_0697.html
+++ b/docs/cce/umn/cce_10_0697.html
@@ -4,6 +4,7 @@
 
                                                                                                                                                                          Ingress can function as a proxy for backend services using different protocols. By default, the backend proxy channel of an ingress is an HTTP channel. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                                                                          
 
                                                                                                                                                                          nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
                                                                                                                                                                          
 
                                                                                                                                                                          An ingress configuration example is as follows:
                                                                                                                                                                          
+
                                                                                                                                                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                            vi ingress-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                            For clusters of v1.23 or later:
                                                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -49,10 +50,18 @@ spec:
               serviceName: <your_service_name>  # Replace it with the name of your target Service.
               servicePort: <your_service_port>  # Replace it with the port number of your target Service.
                                                                                                                                                                            
 
                                                                                                                                                                            
+
                                                                                                                                                                          3. Create an ingress.
                                                                                                                                                                            kubectl create -f ingress-test.yaml
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                            
+
                                                                                                                                                                            ingress/ingress-test created
                                                                                                                                                                            
+
                                                                                                                                                                          4. Check the created ingress.
                                                                                                                                                                            kubectl get ingress
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                            
+
                                                                                                                                                                            NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
+ingress-test  nginx   *         121.**.**.**     80      10s
                                                                                                                                                                            
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0698.html b/docs/cce/umn/cce_10_0698.html
index 0547f9370..0793db392 100644
--- a/docs/cce/umn/cce_10_0698.html
+++ b/docs/cce/umn/cce_10_0698.html
@@ -6,6 +6,7 @@
 
                                                                                                                                                                          Consistent hashing is a special hash algorithm, which constructs a ring hash space to replace the common linear hash space. When a node is added or deleted, only the target route is migrated clockwise, and other routes do not need to be changed. In this way, rerouting can be reduced as much as possible, resolving the load balancing issue caused by dynamic node addition and deletion.
                                                                                                                                                                          If a consistent hashing rule is configured, the newly added server will share the load of all other servers. Similarly, when a server is removed, all other servers can share the load of the removed server. This balances the load among nodes in the cluster and prevents the avalanche effect caused by the breakdown of a node.
                                                                                                                                                                          Configuring a Consistent Hashing Rule
                                                                                                                                                                          Nginx Ingress can use the nginx.ingress.kubernetes.io/upstream-hash-by annotation to configure consistent hashing rules. The following is an example:
                                                                                                                                                                          
+
                                                                                                                                                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                            vi ingress-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                            For clusters of v1.23 or later:
                                                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
@@ -49,13 +50,21 @@ spec:
 
                                                                                                                                                                            
 
                                                                                                                                                                            The value of nginx.ingress.kubernetes.io/upstream-hash-by can be an nginx variable, a text value, or any combination:
                                                                                                                                                                            • nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri" indicates that requests are hashed based on the request URI.
                                                                                                                                                                            • nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri$host" indicates that requests are hashed based on the request URI and domain name.
                                                                                                                                                                            • nginx.ingress.kubernetes.io/upstream-hash-by: "${request_uri}-text-value" indicates that requests are hashed based on the request URI and text value.
                                                                                                                                                                            
 
                                                                                                                                                                            
+
                                                                                                                                                                          3. Create an ingress.
                                                                                                                                                                            kubectl create -f ingress-test.yaml
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                            
+
                                                                                                                                                                            ingress/ingress-test created
                                                                                                                                                                            
+
                                                                                                                                                                          4. Check the created ingress.
                                                                                                                                                                            kubectl get ingress
                                                                                                                                                                            
+
                                                                                                                                                                            If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                            
+
                                                                                                                                                                            NAME          CLASS   HOSTS     ADDRESS          PORTS   AGE
+ingress-test  nginx   *         121.**.**.**     80      10s
                                                                                                                                                                            
+
                                                                                                                                                                          
 
                                                                                                                                                                          Documentation
                                                                                                                                                                          Custom NGINX upstream hashing
                                                                                                                                                                          
 
                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0699.html b/docs/cce/umn/cce_10_0699.html
index 307b0e33d..2b627a60b 100644
--- a/docs/cce/umn/cce_10_0699.html
+++ b/docs/cce/umn/cce_10_0699.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                          Configuring Nginx Ingresses Using Annotations
                                                                                                                                                                          
+
                                                                                                                                                                          Annotations for Configuring Nginx Ingresses
                                                                                                                                                                          The nginx-ingress add-on in CCE uses the community chart and image. If the default add-on parameters cannot meet your demands, you can add annotations to define what you need, such as the default backend, timeout, and size of a request body.
                                                                                                                                                                          
 
                                                                                                                                                                          This section describes common annotations used for creating an ingress of the Nginx type.
                                                                                                                                                                          
 
                                                                                                                                                                           
                                                                                                                                                                          • The key value of an annotation can only be a string. Other types (such as Boolean values or numeric values) must be enclosed in quotation marks (""), for example, "true", "false", and "100".
                                                                                                                                                                          • Nginx Ingress supports native annotations of the community. For details, see Annotations.
                                                                                                                                                                          
@@ -23,7 +23,7 @@
 
 
                                                                                                                                                                          
@@ -31,7 +31,7 @@
 
                                                                                                                                                                          Table 14 elb.autocreate data structure
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Mandatory
                                                                                                                                                                          
+
                                                                                                                                                                          Type
                                                                                                                                                                          
+
                                                                                                                                                                          Description
                                                                                                                                                                          
+
                                                                                                                                                                          name
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          Name of the automatically created load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                          
 
                                                                                                                                                                          Default: cce-lb+service.UID
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          type
                                                                                                                                                                          
+
                                                                                                                                                                          type
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Network type of the load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Network type of the load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          • public: public network load balancer
                                                                                                                                                                          • inner: private network load balancer
                                                                                                                                                                          
 
                                                                                                                                                                          Default: inner
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          bandwidth_name
                                                                                                                                                                          
+
                                                                                                                                                                          bandwidth_name
                                                                                                                                                                          
 
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
+
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                                          
+
                                                                                                                                                                          Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                                          
 
                                                                                                                                                                          The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          bandwidth_chargemode
                                                                                                                                                                          
+
                                                                                                                                                                          bandwidth_chargemode
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Bandwidth mode.
                                                                                                                                                                          
+
                                                                                                                                                                          Bandwidth mode.
                                                                                                                                                                          
 
                                                                                                                                                                          • traffic: billed by traffic
                                                                                                                                                                          
 
                                                                                                                                                                          Default: traffic
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          bandwidth_size
                                                                                                                                                                          
+
                                                                                                                                                                          bandwidth_size
                                                                                                                                                                          
 
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
+
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
 
                                                                                                                                                                          Integer
                                                                                                                                                                          
+
                                                                                                                                                                          Integer
                                                                                                                                                                          
 
                                                                                                                                                                          Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                                          
+
                                                                                                                                                                          Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                                          
 
                                                                                                                                                                          The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                                          • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                                          • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                                          • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                                          
 
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          bandwidth_sharetype
                                                                                                                                                                          
+
                                                                                                                                                                          bandwidth_sharetype
                                                                                                                                                                          
 
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
+
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Bandwidth sharing mode.
                                                                                                                                                                          
+
                                                                                                                                                                          Bandwidth sharing mode.
                                                                                                                                                                          
 
                                                                                                                                                                          • PER: dedicated bandwidth
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          eip_type
                                                                                                                                                                          
+
                                                                                                                                                                          eip_type
                                                                                                                                                                          
 
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
+
                                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          EIP type.
                                                                                                                                                                          
+
                                                                                                                                                                          EIP type.
                                                                                                                                                                          
 
                                                                                                                                                                          • 5_bgp: dynamic BGP
                                                                                                                                                                          
 
                                                                                                                                                                          The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          vip_subnet_cidr_id
                                                                                                                                                                          
+
                                                                                                                                                                          vip_subnet_cidr_id
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                                                          
+
                                                                                                                                                                          Subnet where a load balancer is located. The subnet must belong to the VPC where the cluster resides.
                                                                                                                                                                          
 
                                                                                                                                                                          If this parameter is not specified, the ELB load balancer and the cluster are in the same subnet.
                                                                                                                                                                          
 
                                                                                                                                                                          This field can be specified only for clusters of v1.21 or later.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          vip_address
                                                                                                                                                                          
+
                                                                                                                                                                          vip_address
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                                                          
+
                                                                                                                                                                          Private IP address of the load balancer. Only IPv4 addresses are supported.
                                                                                                                                                                          
 
                                                                                                                                                                          The IP address must be in the ELB CIDR block. If this parameter is not specified, an IP address will be automatically assigned from the ELB CIDR block.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only in clusters of v1.23.11-r0, v1.25.6-r0, v1.27.3-r0, or later versions.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          available_zone
                                                                                                                                                                          
+
                                                                                                                                                                          available_zone
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
 
                                                                                                                                                                          Array of strings
                                                                                                                                                                          
+
                                                                                                                                                                          Array of strings
                                                                                                                                                                          
 
                                                                                                                                                                          AZ where the load balancer is located.
                                                                                                                                                                          
+
                                                                                                                                                                          AZ where the load balancer is located.
                                                                                                                                                                          
 
                                                                                                                                                                          You can obtain all supported AZs by getting the AZ list.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          l4_flavor_name
                                                                                                                                                                          
+
                                                                                                                                                                          l4_flavor_name
                                                                                                                                                                          
 
                                                                                                                                                                          Yes
                                                                                                                                                                          
+
                                                                                                                                                                          Yes
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Flavor name of the layer-4 load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Flavor name of the layer-4 load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          You can obtain all supported types by getting the flavor list.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          l7_flavor_name
                                                                                                                                                                          
+
                                                                                                                                                                          l7_flavor_name
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Flavor name of the layer-7 load balancer.
                                                                                                                                                                          
+
                                                                                                                                                                          Flavor name of the layer-7 load balancer.
                                                                                                                                                                          
 
                                                                                                                                                                          You can obtain all supported types by getting the flavor list.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          elb_virsubnet_ids
                                                                                                                                                                          
+
                                                                                                                                                                          elb_virsubnet_ids
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          Array of strings
                                                                                                                                                                          
+
                                                                                                                                                                          Array of strings
                                                                                                                                                                          
 
                                                                                                                                                                          Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                                          
+
                                                                                                                                                                          Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Do not use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
 
                                                                                                                                                                          Example:
                                                                                                                                                                          
 
                                                                                                                                                                          "elb_virsubnet_ids": [
@@ -550,13 +672,13 @@ spec:
  ]
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          ipv6_vip_virsubnet_id
                                                                                                                                                                          
+
                                                                                                                                                                          ipv6_vip_virsubnet_id
                                                                                                                                                                          
 
                                                                                                                                                                          No
                                                                                                                                                                          
+
                                                                                                                                                                          No
                                                                                                                                                                          
 
                                                                                                                                                                          String
                                                                                                                                                                          
+
                                                                                                                                                                          String
                                                                                                                                                                          
 
                                                                                                                                                                          Specifies the ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                                          
+
                                                                                                                                                                          ID of the IPv6 subnet where the load balancer resides. IPv6 must be enabled for the corresponding subnet. This parameter is mandatory only when the dual-stack clusters are used.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
 
 
 
 
 
 
                                                                                                                                                                          • nginx: Nginx Ingress is used.
                                                                                                                                                                          • cce: A proprietary LoadBalancer ingress is used.
                                                                                                                                                                          
 
                                                                                                                                                                          This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                                                                          
-
                                                                                                                                                                          For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Using kubectl to Create an Nginx Ingress.
                                                                                                                                                                          
+
                                                                                                                                                                          For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Creating an Nginx Ingress Using kubectl.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          Only clusters of v1.21 or earlier
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          For details about how to use the preceding annotations, see Using kubectl to Create an Nginx Ingress.
                                                                                                                                                                          
+
                                                                                                                                                                          For details about how to use the preceding annotations, see Creating an Nginx Ingress Using kubectl.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          Interconnecting with HTTPS Backend Services
                                                                                                                                                                          
 
                                                                                                                                                                          
-
diff --git a/docs/cce/umn/cce_10_0704.html b/docs/cce/umn/cce_10_0704.html
index 2a56be4aa..c472b4bc3 100644
--- a/docs/cce/umn/cce_10_0704.html
+++ b/docs/cce/umn/cce_10_0704.html
@@ -10,16 +10,18 @@
 
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0705.html b/docs/cce/umn/cce_10_0705.html
index 400a97522..b7e81f7fe 100644
--- a/docs/cce/umn/cce_10_0705.html
+++ b/docs/cce/umn/cce_10_0705.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                          Observability
                                                                                                                                                                          
-
-  
                                                                                                                                                                          
-
                                                                                                                                                                          
-
+
                                                                                                                                                                          Observability
                                                                                                                                                                          
+
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                            
 
                                                                                                                                                                          • Logging
                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0709.html b/docs/cce/umn/cce_10_0709.html
index bd0ac1c0f..06224189a 100644
--- a/docs/cce/umn/cce_10_0709.html
+++ b/docs/cce/umn/cce_10_0709.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                            Cloud Native Hybrid Deployment
                                                                                                                                                                            
-
-  
                                                                                                                                                                            
-
                                                                                                                                                                            
-
+
                                                                                                                                                                            Cloud Native Hybrid Deployment
                                                                                                                                                                            
+
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                              
 
                                                                                                                                                                            • Dynamic Resource Oversubscription
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0720.html b/docs/cce/umn/cce_10_0720.html
index 7917afb82..8769827c9 100644
--- a/docs/cce/umn/cce_10_0720.html
+++ b/docs/cce/umn/cce_10_0720.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                              GPU Scheduling
                                                                                                                                                                              
-
-  
                                                                                                                                                                              
-
                                                                                                                                                                              
-
+
                                                                                                                                                                              GPU Scheduling
                                                                                                                                                                              
+
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                                
 
                                                                                                                                                                              • Default GPU Scheduling in Kubernetes
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0721.html b/docs/cce/umn/cce_10_0721.html
index 828854c61..9f0626065 100644
--- a/docs/cce/umn/cce_10_0721.html
+++ b/docs/cce/umn/cce_10_0721.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                                Overview
                                                                                                                                                                                
-
                                                                                                                                                                                Volcano is a Kubernetes-based batch processing platform that supports machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management.
                                                                                                                                                                                
+
                                                                                                                                                                                Volcano is a batch processing platform that runs on Kubernetes for machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management.
                                                                                                                                                                                
 
                                                                                                                                                                                Volcano Scheduler
                                                                                                                                                                                Volcano Scheduler is a pod scheduling component, which consists of a series of actions and plugins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. Volcano Scheduler features high scalability. You can specify actions and plugins as needed.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 1 Volcano Scheduler workflow
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 Volcano Scheduler workflow
                                                                                                                                                                                
 
                                                                                                                                                                                The working process of Volcano Scheduler is as follows:
                                                                                                                                                                                
 
                                                                                                                                                                                1. Identify and cache the job submitted by the client.
                                                                                                                                                                                2. Start a periodical session. A scheduling cycle begins.
                                                                                                                                                                                3. Send jobs that are not scheduled the to-be-scheduled queue of the session.
                                                                                                                                                                                4. Traverse all jobs to be scheduled and perform actions such as enqueue, allocate, preempt, reclaim, and backfill in the configured sequence to find the most appropriate node for each job. Bind the job to the node. The specific algorithm logic executed in action depends on the implementation of each function in the registered plugin.
                                                                                                                                                                                5. Close the session.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Custom Volcano Resources
                                                                                                                                                                                • A pod group is a custom Volcano resource type. It is a group of pods with strong association and is mainly used in batch scheduling, for example, ps and worker tasks in TensorFlow.
                                                                                                                                                                                • A Queue contains a group of PodGroups. It is also the basis for the PodGroups to obtain cluster resources.
                                                                                                                                                                                • Volcano Job (vcjob for short) is a custom job resource type. Different from Kubernetes Jobs, vcjob supports specified scheduler, the minimum number of running pods, tasks, lifecycle management, specified queues, and priority-based scheduling. Volcano Job is more suitable for high-performance computing scenarios such as machine learning, big data, and scientific computing.
                                                                                                                                                                                
+
                                                                                                                                                                                Custom Volcano Resources
                                                                                                                                                                                • A pod group is a custom Volcano resource type. It is a group of pods with strong association and is mainly used in batch scheduling, for example, ps and worker tasks in TensorFlow.
                                                                                                                                                                                • A queue contains a group of PodGroups. It is also the basis for the PodGroups to obtain cluster resources.
                                                                                                                                                                                • Volcano Job (vcjob for short) is a custom job resource type. Different from Kubernetes Jobs, vcjob supports specified scheduler, the minimum number of running pods, tasks, lifecycle management, specified queues, and priority-based scheduling. Volcano Job is more suitable for high-performance computing scenarios such as machine learning, big data, and scientific computing.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0722.html b/docs/cce/umn/cce_10_0722.html
index a7c5ed92a..afa4623c3 100644
--- a/docs/cce/umn/cce_10_0722.html
+++ b/docs/cce/umn/cce_10_0722.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                Scheduling Workloads
                                                                                                                                                                                
 
                                                                                                                                                                                Volcano is a Kubernetes-based batch processing platform with high-performance general computing capabilities like task scheduling engine, heterogeneous chip management, and task running management. It provides end users with computing frameworks from multiple domains such as AI, big data, gene, and rendering. It also offers job scheduling, job management, and queue management for computing applications.
                                                                                                                                                                                
 
                                                                                                                                                                                Kubernetes typically uses its default scheduler to schedule workloads. To use Volcano, specify Volcano for your workloads. For details about the Kubernetes scheduler, see Specify schedulers for pods.
                                                                                                                                                                                
-
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                When a large number of workloads are scheduled, Volcano prints a large number of logs. In this case, you can use Volcano with LTS. Otherwise, the disk space of the node where Volcano resides may be used up. For details, see Collecting Container Logs.
                                                                                                                                                                                
+
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                If you schedule a lot of workloads, Volcano will generate a significant number of logs. To prevent the node hosting Volcano from running out of disk space, use Volcano with LTS. 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Using Volcano
                                                                                                                                                                                When using Volcano to schedule workloads, you only need to configure schedulerName in the spec field of the pod and set the parameter to volcano. The following is an example:
                                                                                                                                                                                apiVersion: apps/v1
 kind: Deployment
diff --git a/docs/cce/umn/cce_10_0725.html b/docs/cce/umn/cce_10_0725.html
index d53af7676..54cba9acd 100644
--- a/docs/cce/umn/cce_10_0725.html
+++ b/docs/cce/umn/cce_10_0725.html
@@ -11,9 +11,13 @@
 
                                                                                                                                                                                If no EV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import an EV.
                                                                                                                                                                                
 
                                                                                                                                                                                1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                3. Choose Storage in the navigation pane. In the right pane, click the Storage Pool tab.
                                                                                                                                                                                4. View the node to which the disk has been added and select Import as EV. You can select a write mode during the import.
                                                                                                                                                                                   
                                                                                                                                                                                  If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                                  • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                                  • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence. This allows data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
+
                                                                                                                                                                                Expanding a Storage Pool
                                                                                                                                                                                The capacity of a storage pool can be expanded in either of the following ways:
                                                                                                                                                                                
+
                                                                                                                                                                                1. Add more large-capacity disks to the pool using the preceding manual import method.
                                                                                                                                                                                2. Increase the size of the existing disks on the ECS console. Then, the storage pool capacity will be automatically expanded.
                                                                                                                                                                                
+
                                                                                                                                                                                Either of these methods will work.
                                                                                                                                                                                
+
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0726.html b/docs/cce/umn/cce_10_0726.html
index 590a95b73..1c7276313 100644
--- a/docs/cce/umn/cce_10_0726.html
+++ b/docs/cce/umn/cce_10_0726.html
@@ -21,14 +21,14 @@
 
                                                                                                                                                                          
-
                                                                                                                                                                          Table 2 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                                          Parameter
                                                                                                                                                                          
@@ -163,7 +163,7 @@ Getting CA Private Key
 
                                                                                                                                                                        5. Run the following command to create a secret of the server certificate:
                                                                                                                                                                          kubectl create secret generic tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key
                                                                                                                                                                          
 
                                                                                                                                                                          Expected output:
                                                                                                                                                                          
 
                                                                                                                                                                          secret/tls-secret created
                                                                                                                                                                          
-
                                                                                                                                                                        6. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
+
                                                                                                                                                                        7. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                          
 
                                                                                                                                                                          • For clusters of v1.23 or later:
                                                                                                                                                                            apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -310,11 +310,11 @@ spec:
 
                                                                                                                                                                          • Run the following command to create an ingress:
                                                                                                                                                                            kubectl create -f ingress-test.yaml
                                                                                                                                                                            
 
                                                                                                                                                                            Expected output:
                                                                                                                                                                            
 
                                                                                                                                                                            ingress.networking.k8s.io/ingress-test created
                                                                                                                                                                            
-
                                                                                                                                                                          • Check the Nginx Ingress Controller configuration.
                                                                                                                                                                            1. Run the following command to check the Nginx Ingress Controller pods:
                                                                                                                                                                              kubectl get pods -n kube-system | grep nginx-ingress-controller
                                                                                                                                                                              
+
                                                                                                                                                                            2. Check the NGINX Ingress Controller configuration.
                                                                                                                                                                              1. Run the following command to check the NGINX Ingress Controller pods:
                                                                                                                                                                                kubectl get pods -n kube-system | grep nginx-ingress-controller
                                                                                                                                                                                
 
                                                                                                                                                                                Expected output:
                                                                                                                                                                                
 
                                                                                                                                                                                cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx        1/1     Running   0          18h
 cceaddon-nginx-ingress-controller-68d7bcc67-cxxxx        1/1     Running   0          18h
                                                                                                                                                                                
-
                                                                                                                                                                              2. Run the following command to check the Nginx Ingress Controller configuration:
                                                                                                                                                                                kubectl exec -n kube-system cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx cat /etc/nginx/nginx.conf | grep -C3 "foo.bar.com"
                                                                                                                                                                                
+
                                                                                                                                                                              3. Run the following command to check the NGINX Ingress Controller configuration:
                                                                                                                                                                                kubectl exec -n kube-system cceaddon-nginx-ingress-controller-68d7bcc67-dxxxx cat /etc/nginx/nginx.conf | grep -C3 "foo.bar.com"
                                                                                                                                                                                
 
                                                                                                                                                                                Expected output:
                                                                                                                                                                                
 
                                                                                                                                                                                         ## start server foo.bar.com
          server {
diff --git a/docs/cce/umn/cce_10_0702.html b/docs/cce/umn/cce_10_0702.html
index 97480936f..d7b21da41 100644
--- a/docs/cce/umn/cce_10_0702.html
+++ b/docs/cce/umn/cce_10_0702.html
@@ -14,7 +14,7 @@
 
                                                                                                                                                                          8. 
 
                                                                                                                                                                          CPU policy
                                                                                                                                                                          
 
                                                                                                                                                                          When many CPU-intensive pods are running on a node, workloads may be migrated to different CPU cores. Many workloads are not sensitive to this migration and thus work fine without any intervention. For CPU-sensitive applications, you can use the CPU policy provided by Kubernetes to allocate dedicated cores to applications, improving application performance and reducing application scheduling latency.
                                                                                                                                                                          
+
                                                                                                                                                                          When many CPU-intensive pods are running on a node, workloads may be migrated to different CPU cores. Many workloads are not sensitive to this migration and work fine without any intervention. For CPU-sensitive applications, you can use the CPU policy provided by Kubernetes to allocate dedicated cores to applications, improving application performance and reducing application scheduling latency.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          CPU Policy
                                                                                                                                                                          
                                                                                                                                                                           		
 
 
                                                                                                                                                                          Mount Path
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          Enter a mount path, for example, /tmp.
                                                                                                                                                                          
-
                                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                           NOTICE: 
                                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                          
+
                                                                                                                                                                          This parameter specifies a container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. This may lead to container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, leading to container startup failures or workload creation failures.
                                                                                                                                                                           NOTICE: 
                                                                                                                                                                          If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          
 
                                                                                                                                                                          		
 
                                                                                                                                                                          
 
                                                                                                                                                                          Subpath
                                                                                                                                                                          
 
                                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                          
+
                                                                                                                                                                          Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp folder of the storage volume. If this parameter is left blank, the root path will be used by default.
                                                                                                                                                                          
                                                                                                                                                                           		
 
                                                                                                                                                                          
 
                                                                                                                                                                          Permission
                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0727.html b/docs/cce/umn/cce_10_0727.html
index 4afc61c15..978c247c2 100644
--- a/docs/cce/umn/cce_10_0727.html
+++ b/docs/cce/umn/cce_10_0727.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                          Auto Scaling (AS) enables elastic scaling of nodes in a node pool based on scaling policies. Without this function, you have to manually adjust the number of nodes in a node pool.
                                                                                                                                                                          
 
                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                          To enable AS, the CCE Cluster Autoscaler add-on must be installed in the target cluster.
                                                                                                                                                                          
 
                                                                                                                                                                          
-
                                                                                                                                                                          Procedure
                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                          2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                                                                                                                            • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                                                                                                                            • If Autoscaler has been installed, directly configure auto scaling policies.
                                                                                                                                                                            
+
                                                                                                                                                                            Procedure
                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                            2. In the navigation pane, choose Nodes. On the Node Pools tab, locate the row containing the target node pool and click Auto Scaling.
                                                                                                                                                                              • If Autoscaler has not been installed, configure add-on parameters based on service requirements, click Install, and wait until the add-on is installed. For details about add-on configurations, see CCE Cluster Autoscaler.
                                                                                                                                                                              • If Autoscaler has been installed, directly configure scaling policies.
                                                                                                                                                                              
 
                                                                                                                                                                            3. Configure auto scaling policies.
                                                                                                                                                                              AS Configuration
                                                                                                                                                                              
 
                                                                                                                                                                              • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. You can add multiple node scaling policies, a maximum of one CPU usage-based rule, and one memory usage-based rule. The total number of rules cannot exceed 10.
                                                                                                                                                                                The following table lists custom rules.
 
                                                                                                                                                                                Table 1 Custom rules
                                                                                                                                                                                Rule Type
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0728.html b/docs/cce/umn/cce_10_0728.html
index 7682985dd..c23f92258 100644
--- a/docs/cce/umn/cce_10_0728.html
+++ b/docs/cce/umn/cce_10_0728.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                Configuring Tolerance Policies
                                                                                                                                                                                
-
                                                                                                                                                                                Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is configured for a pod, the scheduler will schedule the pod based on node taint policies to prevent the pod from being scheduled to an inappropriate node.
                                                                                                                                                                                
+
                                                                                                                                                                                Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is configured for a pod, the scheduler will schedule the pod based on node taint policies to prevent the pod from being scheduled to an inappropriate node. For more examples, see Taints and Tolerations.
                                                                                                                                                                                
 
                                                                                                                                                                                The following table shows how taint policies and tolerations affect pod running.
                                                                                                                                                                                
 
 
                                                                                                                                                                                Taint Policy
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0729.html b/docs/cce/umn/cce_10_0729.html
index a92bf957c..2cc9d80e6 100644
--- a/docs/cce/umn/cce_10_0729.html
+++ b/docs/cce/umn/cce_10_0729.html
@@ -2,85 +2,87 @@
 
 
                                                                                                                                                                                Configuring Timeout for a LoadBalancer Service
                                                                                                                                                                                
 
                                                                                                                                                                                LoadBalancer Services allow you to configure timeout, which is the maximum duration for keeping a connection if no request is received from the client. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                                                                
-
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                • The following table lists the scenarios where timeout can be configured for a Service.
-
                                                                                                                                                                                  Timeout Type
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  After timeout is configured, if you delete the timeout configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  Notes and Constraints
                                                                                                                                                                                  The following table lists the scenarios where timeout can be configured for a Service.
+
                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                  Timeout Type
                                                                                                                                                                                  
 
                                                                                                                                                                                  Load Balancer Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Load Balancer Type
                                                                                                                                                                                  
 
                                                                                                                                                                                  Restrictions
                                                                                                                                                                                  
+
                                                                                                                                                                                  Restrictions
                                                                                                                                                                                  
 
                                                                                                                                                                                  Supported Cluster Version
                                                                                                                                                                                  
+
                                                                                                                                                                                  Supported Cluster Version
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  Idle timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Idle timeout
                                                                                                                                                                                  
 
                                                                                                                                                                                  Dedicated
                                                                                                                                                                                  
+
                                                                                                                                                                                  Dedicated
                                                                                                                                                                                  
 
                                                                                                                                                                                  None
                                                                                                                                                                                  
+
                                                                                                                                                                                  None
                                                                                                                                                                                  
 
                                                                                                                                                                                  • v1.19: v1.19.16-r30 or later
                                                                                                                                                                                  • v1.21: v1.21.10-r10 or later
                                                                                                                                                                                  • v1.23: v1.23.8-r10 or later
                                                                                                                                                                                  • v1.25: v1.25.3-r10 or later
                                                                                                                                                                                  • Other clusters of later versions
                                                                                                                                                                                  
+
                                                                                                                                                                                  • v1.19: v1.19.16-r30 or later
                                                                                                                                                                                  • v1.21: v1.21.10-r10 or later
                                                                                                                                                                                  • v1.23: v1.23.8-r10 or later
                                                                                                                                                                                  • v1.25: v1.25.3-r10 or later
                                                                                                                                                                                  • Other clusters of later versions
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Idle timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Idle timeout
                                                                                                                                                                                  
 
                                                                                                                                                                                  Shared
                                                                                                                                                                                  
+
                                                                                                                                                                                  Shared
                                                                                                                                                                                  
 
                                                                                                                                                                                  UDP is not supported.
                                                                                                                                                                                  
+
                                                                                                                                                                                  UDP is not supported.
                                                                                                                                                                                  
 
                                                                                                                                                                                  • v1.23: v1.23.13-r0 or later
                                                                                                                                                                                  • v1.25: v1.25.8-r0 or later
                                                                                                                                                                                  • v1.27: v1.27.5-r0 or later
                                                                                                                                                                                  • v1.28: v1.28.3-r0 or later
                                                                                                                                                                                  • Other clusters of later versions
                                                                                                                                                                                  
+
                                                                                                                                                                                  • v1.23: v1.23.13-r0 or later
                                                                                                                                                                                  • v1.25: v1.25.8-r0 or later
                                                                                                                                                                                  • v1.27: v1.27.5-r0 or later
                                                                                                                                                                                  • v1.28: v1.28.3-r0 or later
                                                                                                                                                                                  • Other clusters of later versions
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Request timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Request timeout
                                                                                                                                                                                  
 
                                                                                                                                                                                  Dedicated and shared
                                                                                                                                                                                  
+
                                                                                                                                                                                  Dedicated and shared
                                                                                                                                                                                  
 
                                                                                                                                                                                  Only HTTP and HTTPS are supported.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Only HTTP and HTTPS are supported.
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  Response timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Response timeout
                                                                                                                                                                                  
 
                                                                                                                                                                                  Dedicated and shared
                                                                                                                                                                                  
+
                                                                                                                                                                                  Dedicated and shared
                                                                                                                                                                                  
 
                                                                                                                                                                                  Only HTTP and HTTPS are supported.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Only HTTP and HTTPS are supported.
                                                                                                                                                                                  
                                                                                                                                                                                   		
 
                                                                                                                                                                                  
                                                                                                                                                                                   
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  
-
                                                                                                                                                                                • After timeout is configured, if you delete the timeout configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                                  • 
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  Using the CCE Console
                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                  2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                  3. Configure Service parameters. In this example, only mandatory parameters required for configuring timeout are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                                    • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                                    • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                    • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                      • A load balancer can be dedicated or shared.
                                                                                                                                                                                      • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                      
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  Using the CCE Console
                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                  2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                  3. Configure Service parameters. In this example, only mandatory parameters required for configuring timeout are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                                                    • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                                    • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                    • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                      • A load balancer can be dedicated or shared.
                                                                                                                                                                                      • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                      
 
                                                                                                                                                                                    • Ports
                                                                                                                                                                                      • Protocol: protocol that the load balancer complies. Timeout cannot be configured for a UDP-compliant shared load balancer.
                                                                                                                                                                                      • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                      • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                      • Frontend Protocol: Select a protocol for the listener. If HTTP/HTTPS is not enabled, only the idle timeout can be configured.
                                                                                                                                                                                      
 
                                                                                                                                                                                    • Listener
                                                                                                                                                                                      • Advanced Options: Select a proper option.
-
                                                                                                                                                                                        Configuration
                                                                                                                                                                                        
+
                                                                                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
@@ -96,6 +98,7 @@ metadata:
   annotations:
     kubernetes.io/elb.id: <your_elb_id>    # In this example, an existing dedicated load balancer is used. Replace its ID with the ID of your dedicated load balancer.
     kubernetes.io/elb.class: performance  # Load balancer type
+    kubernetes.io/elb.protocol-port: http:80 # The HTTP port 80 is used.
     kubernetes.io/elb.keepalive_timeout: '300'  # Timeout setting for client connections
     kubernetes.io/elb.client_timeout: '60'      # Timeout for waiting for a request from a client
     kubernetes.io/elb.member_timeout: '60'      # Timeout for waiting for a response from a backend server
@@ -111,45 +114,45 @@ spec:
   type: LoadBalancer
 
-
                                                                                                                                                                                        Configuration
                                                                                                                                                                                        
 
                                                                                                                                                                                        Description
                                                                                                                                                                                        
+
                                                                                                                                                                                        Description
                                                                                                                                                                                        
 
                                                                                                                                                                                        Restrictions
                                                                                                                                                                                        
+
                                                                                                                                                                                        Restrictions
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Idle Timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        Idle Timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for an idle client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                        
 
                                                                                                                                                                                        This configuration is not supported if the port of a shared load balancer uses UDP.
                                                                                                                                                                                        
+
                                                                                                                                                                                        This configuration is not supported if the port of a shared load balancer uses UDP.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        Request Timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        Request Timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                        
 
                                                                                                                                                                                        • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                                        • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                                        
 
                                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                                        
+
                                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        Response Timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        Response Timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                        
 
                                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                                        
+
                                                                                                                                                                                        This parameter is available only after HTTP/HTTPS is enabled on ports.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        
                                                                                                                                                                                         
 
                                                                                                                                                                                        Table 1 Key annotation parameters
                                                                                                                                                                                        Parameter
                                                                                                                                                                                        
+
                                                                                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0730.html b/docs/cce/umn/cce_10_0730.html
index c0911f274..82866b890 100644
--- a/docs/cce/umn/cce_10_0730.html
+++ b/docs/cce/umn/cce_10_0730.html
@@ -2,39 +2,91 @@
 
 
                                                                                                                                                                                        Configuring Timeout for a LoadBalancer Ingress
                                                                                                                                                                                        LoadBalancer ingresses support the following timeout settings:
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Idle timeout setting for client connections: Maximum duration for keeping a connection when no client request is received. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                                                                        • Timeout for waiting for a request from a client: If the client fails to send a request header to the load balancer during the timeout duration or the interval for sending body data exceeds a specified period, the load balancer will release the connection.
                                                                                                                                                                                        • Timeout setting for waiting for a response from a backend server: If the backend server fails to respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout to the client.
                                                                                                                                                                                        
-
                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                        • The following table lists the scenarios where timeout can be configured for a Service.
-
                                                                                                                                                                                        Table 1 Key annotation parameters
                                                                                                                                                                                        Parameter
                                                                                                                                                                                        
 
                                                                                                                                                                                        Mandatory
                                                                                                                                                                                        
+
                                                                                                                                                                                        Mandatory
                                                                                                                                                                                        
 
                                                                                                                                                                                        Type
                                                                                                                                                                                        
+
                                                                                                                                                                                        Type
                                                                                                                                                                                        
 
                                                                                                                                                                                        Description
                                                                                                                                                                                        
+
                                                                                                                                                                                        Description
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        No
                                                                                                                                                                                        
+
                                                                                                                                                                                        No
                                                                                                                                                                                        
 
                                                                                                                                                                                        String
                                                                                                                                                                                        
+
                                                                                                                                                                                        String
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                        
 
                                                                                                                                                                                        Value:
                                                                                                                                                                                        
 
                                                                                                                                                                                        • For TCP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                                                        • For HTTP, HTTPS, and TERMINATED_HTTPS listeners, the value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                                                                        • For UDP listeners, the value ranges from 10 to 4000 (in seconds). The default value is 300.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        kubernetes.io/elb.client_timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        kubernetes.io/elb.client_timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        No
                                                                                                                                                                                        
+
                                                                                                                                                                                        No
                                                                                                                                                                                        
 
                                                                                                                                                                                        String
                                                                                                                                                                                        
+
                                                                                                                                                                                        String
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                        
 
                                                                                                                                                                                        • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                                        • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                                        
 
                                                                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        kubernetes.io/elb.member_timeout
                                                                                                                                                                                        
+
                                                                                                                                                                                        kubernetes.io/elb.member_timeout
                                                                                                                                                                                        
 
                                                                                                                                                                                        No
                                                                                                                                                                                        
+
                                                                                                                                                                                        No
                                                                                                                                                                                        
 
                                                                                                                                                                                        String
                                                                                                                                                                                        
+
                                                                                                                                                                                        String
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                        
 
                                                                                                                                                                                        The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                                        
                                                                                                                                                                                         		
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Timeout Type
                                                                                                                                                                                        
+
                                                                                                                                                                                        • Idle timeout setting for client connections: maximum duration for keeping a connection when no client request is received. If no request is received during this period, the load balancer closes the connection and establishes a new one with the client when the next request arrives.
                                                                                                                                                                                        • Timeout for waiting for a request from a client: If the client fails to send a request header to the load balancer during the timeout duration or the interval for sending body data exceeds a specified period, the load balancer will release the connection.
                                                                                                                                                                                        • Timeout setting for waiting for a response from a backend server: If the backend server fails to respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout to the client.
                                                                                                                                                                                        
+
                                                                                                                                                                                         
                                                                                                                                                                                        If you delete the timeout configuration when updating an ingress, the timeout configuration of the existing listener will be reset to the default value.
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                        • A CCE standard or Turbo cluster is available. The table below shows which cluster versions support the timeout configuration.
+
                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                          Timeout Type
                                                                                                                                                                                          
 
                                                                                                                                                                                          Load Balancer Type
                                                                                                                                                                                          
+
                                                                                                                                                                                          Load Balancer Type
                                                                                                                                                                                          
 
                                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                                          
+
                                                                                                                                                                                          Supported Cluster Version
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Idle Timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          Idle Timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
+
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
 
                                                                                                                                                                                          • v1.19: v1.19.16-r30 or later
                                                                                                                                                                                          • v1.21: v1.21.10-r10 or later
                                                                                                                                                                                          • v1.23: v1.23.8-r10 or later
                                                                                                                                                                                          • v1.25: v1.25.3-r10 or later
                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                          
+
                                                                                                                                                                                          • v1.19: v1.19.16-r30 or later
                                                                                                                                                                                          • v1.21: v1.21.10-r10 or later
                                                                                                                                                                                          • v1.23: v1.23.8-r10 or later
                                                                                                                                                                                          • v1.25: v1.25.3-r10 or later
                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Request Timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          Request Timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
+
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Response Timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          Response Timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
+
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
                                                                                                                                                                                           
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
-
                                                                                                                                                                                        • If you delete the timeout configuration during an ingress update, the timeout configuration on the existing listeners will be retained.
                                                                                                                                                                                        
+
                                                                                                                                                                                      • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                                      • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                                        • 
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                        An ingress configuration example is as follows:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Using the CCE Console to Configure Timeout
                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. Click the Ingresses tab and click Create Ingress in the upper right corner.
                                                                                                                                                                                        3. Configure ingress parameters.
                                                                                                                                                                                           
                                                                                                                                                                                          This example explains only key parameters for configuring timeout. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
+
                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                                          Parameter
                                                                                                                                                                                          
+
                                                                                                                                                                                          Description
                                                                                                                                                                                          
+
                                                                                                                                                                                          Example
                                                                                                                                                                                          
+
                                                                                                                                                                                          Name
                                                                                                                                                                                          
+
                                                                                                                                                                                          Enter an ingress name.
                                                                                                                                                                                          
+
                                                                                                                                                                                          ingress-test
                                                                                                                                                                                          
+
                                                                                                                                                                                          Load Balancer
                                                                                                                                                                                          
+
                                                                                                                                                                                          Select a load balancer to be associated with the ingress or automatically create a load balancer. A load balancer can be dedicated or shared.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Dedicated
                                                                                                                                                                                          
+
                                                                                                                                                                                          Listener
                                                                                                                                                                                          
+
                                                                                                                                                                                          • External Protocol: HTTP and HTTPS are available.
                                                                                                                                                                                          • External Port: specifies the port of the load balancer listener.
                                                                                                                                                                                          • Advanced Options
                                                                                                                                                                                            • Idle Timeout (s): specifies the idle timeout of a client connection. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                            • Request Timeout (s): specifies the timeout duration for waiting for a client request.
                                                                                                                                                                                              Specifically:
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Response Timeout (s): specifies the timeout duration for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond during the timeout duration, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                            
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          • External Protocol: HTTP
                                                                                                                                                                                          • External Port: 80
                                                                                                                                                                                          • Advanced Options
                                                                                                                                                                                            • Idle Timeout (s): 60
                                                                                                                                                                                            • Request Timeout (s): 60
                                                                                                                                                                                            • Response Timeout (s): 60
                                                                                                                                                                                            
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Forwarding Policy
                                                                                                                                                                                          
+
                                                                                                                                                                                          • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                                          • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                                          • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                                          • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                                          
+
                                                                                                                                                                                          • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                                          • Path Matching Rule: Prefix match
                                                                                                                                                                                          • Path: /
                                                                                                                                                                                          • Destination Service: nginx
                                                                                                                                                                                          • Destination Service Port: 80
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        4. Click OK.
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        Using kubectl to Configure Timeout
                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                                          
+
                                                                                                                                                                                          An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                                          
 
                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -63,55 +115,63 @@ spec:
             pathType: ImplementationSpecific
   ingressClassName: cce
                                                                                                                                                                                          
 
-
                                                                                                                                                                                          Table 1 Key annotation parameters
                                                                                                                                                                                          Parameter
                                                                                                                                                                                          
+
                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                          Table 2 Key annotation parameters
                                                                                                                                                                                          Parameter
                                                                                                                                                                                          
 
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
 
                                                                                                                                                                                          Type
                                                                                                                                                                                          
+
                                                                                                                                                                                          Type
                                                                                                                                                                                          
 
                                                                                                                                                                                          Description
                                                                                                                                                                                          
+
                                                                                                                                                                                          Description
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          kubernetes.io/elb.keepalive_timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
 
                                                                                                                                                                                          String
                                                                                                                                                                                          
+
                                                                                                                                                                                          String
                                                                                                                                                                                          
 
                                                                                                                                                                                          Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                          
-
                                                                                                                                                                                          The value ranges from 0 to 4000 (in seconds). The default value is 60.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Timeout for client connections. If there are no requests reaching the load balancer during the timeout duration, the load balancer will disconnect the connection from the client and establish a new connection when there is a new request.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The value ranges from 0 to 4000 seconds. The default value is 60.
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          kubernetes.io/elb.client_timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          kubernetes.io/elb.client_timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
 
                                                                                                                                                                                          String
                                                                                                                                                                                          
+
                                                                                                                                                                                          String
                                                                                                                                                                                          
 
                                                                                                                                                                                          Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                          
+
                                                                                                                                                                                          Timeout for waiting for a request from a client. There are two cases:
                                                                                                                                                                                          
 
                                                                                                                                                                                          • If the client fails to send a request header to the load balancer during the timeout duration, the request will be interrupted.
                                                                                                                                                                                          • If the interval between two consecutive request bodies reaching the load balancer is greater than the timeout duration, the connection will be disconnected.
                                                                                                                                                                                          
 
                                                                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          kubernetes.io/elb.member_timeout
                                                                                                                                                                                          
+
                                                                                                                                                                                          kubernetes.io/elb.member_timeout
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
 
                                                                                                                                                                                          String
                                                                                                                                                                                          
+
                                                                                                                                                                                          String
                                                                                                                                                                                          
 
                                                                                                                                                                                          Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Timeout for waiting for a response from a backend server. After a request is forwarded to the backend server, if the backend server does not respond within the duration specified by member_timeout, the load balancer will stop waiting and return HTTP 504 Gateway Timeout.
                                                                                                                                                                                          
 
                                                                                                                                                                                          The value ranges from 1 to 300 (in seconds). The default value is 60.
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
                                                                                                                                                                                           
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
+
                                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                                          
+
                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                          
+
                                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                                          
+
                                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                                          
+
                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                          
+
                                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                                          
+
                                                                                                                                                                                          5. 
 
 
 
 
diff --git a/docs/cce/umn/cce_10_0734.html b/docs/cce/umn/cce_10_0734.html
index 009dc5bcb..8845ab41c 100644
--- a/docs/cce/umn/cce_10_0734.html
+++ b/docs/cce/umn/cce_10_0734.html
@@ -6,20 +6,20 @@
 
 
                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                          A CCE Turbo cluster is available and the cluster version meets the requirements listed in the following table.
                                                                                                                                                                                          
 
-
                                                                                                                                                                                          Scenario
                                                                                                                                                                                          
+
                                                                                                                                                                                          
-
-
-
-
-
                                                                                                                                                                                          Scenario
                                                                                                                                                                                          
 
                                                                                                                                                                                          Cluster Version
                                                                                                                                                                                          
+
                                                                                                                                                                                          Cluster Version
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Allocating an EIP with a pod
                                                                                                                                                                                          
+
                                                                                                                                                                                          Allocating an EIP with a pod
                                                                                                                                                                                          
 
                                                                                                                                                                                          • v1.19: v1.19.16-r20 or later
                                                                                                                                                                                          • v1.21: v1.21.10-r0 or later
                                                                                                                                                                                          • v1.23: v1.23.8-r0 or later
                                                                                                                                                                                          • v1.25: v1.25.3-r0 or later
                                                                                                                                                                                          • Versions later than v1.25
                                                                                                                                                                                          
+
                                                                                                                                                                                          • v1.19: v1.19.16-r20 or later
                                                                                                                                                                                          • v1.21: v1.21.10-r0 or later
                                                                                                                                                                                          • v1.23: v1.23.8-r0 or later
                                                                                                                                                                                          • v1.25: v1.25.3-r0 or later
                                                                                                                                                                                          • Versions later than v1.25
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Using an existing EIP for a pod
                                                                                                                                                                                          
+
                                                                                                                                                                                          Using an existing EIP for a pod
                                                                                                                                                                                          
 
                                                                                                                                                                                          v1.23: v1.23.16-r0 or later
                                                                                                                                                                                          
+
                                                                                                                                                                                          v1.23: v1.23.16-r0 or later
                                                                                                                                                                                          
 
                                                                                                                                                                                          v1.25: v1.25.11-r0 or later
                                                                                                                                                                                          
 
                                                                                                                                                                                          v1.27: v1.27.8-r0 or later
                                                                                                                                                                                          
 
                                                                                                                                                                                          v1.28: v1.28.6-r0 or later
                                                                                                                                                                                          
@@ -31,7 +31,7 @@
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
-
                                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                                          • To access a pod bound with an EIP from the Internet, add security group rules to allow the target request traffic.
                                                                                                                                                                                          • Only one EIP can be bound to a pod.
                                                                                                                                                                                          • Configure the EIP-related annotation when creating a pod. After the pod is created, the annotations related to the EIP cannot be modified.
                                                                                                                                                                                          • Do not perform operations on the EIP associated with a pod through the EIP console or API. Otherwise, the EIP may malfunction. The operations include changing the EIP name, deleting, and unbinding or binding the EIP.
                                                                                                                                                                                          • After an automatically allocated EIP is manually deleted, the network malfunctions. In this case, rebuild the pod.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                                          • To access a pod bound with an EIP from the Internet, add security group rules to allow the target request traffic.
                                                                                                                                                                                          • Only one EIP can be bound to a pod.
                                                                                                                                                                                          • Configure the EIP-related annotation when creating a pod. After the pod is created, the annotations related to the EIP cannot be modified.
                                                                                                                                                                                          • Do not perform operations on the EIP associated with a pod through the EIP console or API. Otherwise, the EIP may malfunction. The operations include changing the EIP name, and deleting, unbinding, or binding the EIP.
                                                                                                                                                                                          • After an automatically allocated EIP is manually deleted, the network malfunctions. In this case, rebuild the pod.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Allocating an EIP with a Pod
                                                                                                                                                                                          If you set the pod-with-eip annotation to true when creating a pod, an EIP will be automatically allocated and bound to the pod.
                                                                                                                                                                                          
 
                                                                                                                                                                                           
                                                                                                                                                                                          • CCE will automatically add cluster ID, namespace, and pod name labels to an EIP that has been allocated automatically.
                                                                                                                                                                                          • If a pod is created with an automatically allocated EIP, deleting the pod will also delete the EIP.
                                                                                                                                                                                          
@@ -70,9 +70,9 @@ spec:
       imagePullSecrets:
         - name: default-secret
 
-
                                                                                                                                                                                          Table 1 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
+
                                                                                                                                                                                          
-
@@ -82,9 +82,9 @@ spec:
 
-
-
@@ -93,31 +93,32 @@ spec:
 
-
-
-
-
-
-
-
-
@@ -127,9 +128,9 @@ spec:
 
-
-
@@ -172,9 +173,9 @@ spec:
       imagePullSecrets:
         - name: default-secret
 
-
                                                                                                                                                                                          Table 1 Annotations of an EIP with a dedicated bandwidth
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
 
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Default Value
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          yangtse.io/pod-with-eip
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/pod-with-eip
                                                                                                                                                                                          
 
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
+
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          false
                                                                                                                                                                                          
 
                                                                                                                                                                                          false or true
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-bandwidth-size
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-bandwidth-size
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          5
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Bandwidth, in Mbit/s
                                                                                                                                                                                          
 
                                                                                                                                                                                          The value range varies depending on the region and bandwidth billing mode. For details, see the EIP console.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The value range varies depending on the region and bandwidth billing mode. For details, see the page on the EIP console.
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-network-type
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-network-type
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          5_bgp
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          EIP type
                                                                                                                                                                                          
 
                                                                                                                                                                                          The type varies depending on the region. For details, see on the EIP console.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The type varies depending on the region. For details, see the page on the EIP console.
                                                                                                                                                                                          
+
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-charge-mode
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-charge-mode
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          None
                                                                                                                                                                                          
 
                                                                                                                                                                                          • bandwidth: billed by bandwidth
                                                                                                                                                                                          • traffic: billed by traffic
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-bandwidth-name
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-bandwidth-name
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Pod name
                                                                                                                                                                                          
 
                                                                                                                                                                                          Table 2 Annotations of an EIP with a shared bandwidth
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
+
                                                                                                                                                                                          
-
@@ -184,32 +185,32 @@ spec:
 
-
-
-
-
-
-
-
@@ -257,19 +258,19 @@ spec:
       imagePullSecrets:
         - name: default-secret
 
-
                                                                                                                                                                                          Table 2 Annotations of an EIP with a shared bandwidth
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
 
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Default Value
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          yangtse.io/pod-with-eip
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/pod-with-eip
                                                                                                                                                                                          
 
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
+
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          false
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          Whether to allocate an EIP with a pod and bind the EIP to the pod
                                                                                                                                                                                          
 
                                                                                                                                                                                          false or true
                                                                                                                                                                                          
+
                                                                                                                                                                                          false or true
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-network-type
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-network-type
                                                                                                                                                                                          
 
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          5_bgp
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          EIP type
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          • 5_bgp
                                                                                                                                                                                          
-
                                                                                                                                                                                          The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          yangtse.io/eip-bandwidth-id
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-bandwidth-id
                                                                                                                                                                                          
 
                                                                                                                                                                                          Mandatory when a shared bandwidth is used
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory when a shared bandwidth is used
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          None
                                                                                                                                                                                          
 
                                                                                                                                                                                          Table 3 Annotations for using an existing EIP
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
+
                                                                                                                                                                                          
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0735.html b/docs/cce/umn/cce_10_0735.html
new file mode 100644
index 000000000..3d2115880
--- /dev/null
+++ b/docs/cce/umn/cce_10_0735.html
@@ -0,0 +1,80 @@
+
+
+
                                                                                                                                                                                          Configuring a Slow Start for a LoadBalancer Ingress
                                                                                                                                                                                          
+
                                                                                                                                                                                          With slow start configured, a load balancer linearly increases the proportion of requests to backend server pods. When the slow start duration elapses, the load balancer sends full share of requests to backend pods and exits the slow start mode. Slow start gives applications time to warm up and respond to requests with optimal performance.
                                                                                                                                                                                          
+
                                                                                                                                                                                           
                                                                                                                                                                                          After a slow start is configured, if you delete the target annotation from the YAML file, slow start will not be enabled.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                                          • Only dedicated load balancers support slow start for HTTP and HTTPS backend server groups.
                                                                                                                                                                                          • Slow start takes effect only when the weighted round robin algorithm is used.
                                                                                                                                                                                          • Slow start takes effect only for new backend server pods.
                                                                                                                                                                                          • After the slow start duration elapses, backend servers will not enter the slow start mode again.
                                                                                                                                                                                          • Slow start takes effect when health check is enabled and backend server pods are running properly.
                                                                                                                                                                                          • If health check is disabled, slow start takes effect immediately.
                                                                                                                                                                                          • With slow start configured for an ingress, all forwarding policies of the ingress take effect.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Procedure
                                                                                                                                                                                          1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                          2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                            vi ingress-test.yaml
                                                                                                                                                                                            
+
                                                                                                                                                                                            An example YAML file of an ingress associated with an existing load balancer is as follows:
                                                                                                                                                                                            
+
                                                                                                                                                                                            apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-test
+  namespace: default
+  annotations:
+    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.slowstart: '30' #Configure a slow start.
+spec:
+  rules:
+    - host: ''
+      http:
+        paths:
+          - path: /
+            backend:
+              service:
+                name: <your_service_name>  # Replace it with the name of your target Service.
+                port:
+                  number: 80             # Replace 80 with the port number of your target Service.
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+  ingressClassName: cce
                                                                                                                                                                                            
+
+
                                                                                                                                                                                          Table 3 Annotations for using an existing EIP
                                                                                                                                                                                          Annotation
                                                                                                                                                                                          
 
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
 
                                                                                                                                                                                          Description
                                                                                                                                                                                          
+
                                                                                                                                                                                          Description
                                                                                                                                                                                          
                                                                                                                                                                                           		
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          yangtse.io/eip-id
                                                                                                                                                                                          
+
                                                                                                                                                                                          yangtse.io/eip-id
                                                                                                                                                                                          
 
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
+
                                                                                                                                                                                          Yes
                                                                                                                                                                                          
 
                                                                                                                                                                                          EIP ID
                                                                                                                                                                                          
+
                                                                                                                                                                                          EIP ID
                                                                                                                                                                                          
 
                                                                                                                                                                                          How to obtain:
                                                                                                                                                                                          
 
                                                                                                                                                                                          Log in to the EIP console, click the name of the target EIP in the EIP list, and copy the ID field.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                          Table 1 Parameters for configuring a slow start
                                                                                                                                                                                          Parameter
                                                                                                                                                                                          
+
                                                                                                                                                                                          Mandatory
                                                                                                                                                                                          
+
                                                                                                                                                                                          Type
                                                                                                                                                                                          
+
                                                                                                                                                                                          Description
                                                                                                                                                                                          
+
                                                                                                                                                                                          kubernetes.io/elb.slowstart
                                                                                                                                                                                          
+
                                                                                                                                                                                          No
                                                                                                                                                                                          
+
                                                                                                                                                                                          String
                                                                                                                                                                                          
+
                                                                                                                                                                                          Specifies whether to enable slow start. After you enable it, the load balancer linearly increases the proportion of requests to backend server pods in this mode. When the slow start duration elapses, the load balancer sends full share of requests to backend server pods and exits the slow start mode.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Clusters later than v1.23 support this field.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The slow start duration ranges from 30 to 1200.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Duration of slow start, in seconds.
                                                                                                                                                                                          
+
                                                                                                                                                                                          • Grayscale release applies only to dedicated load balancers.
                                                                                                                                                                                          • This parameter is valid only when the allocation policy of the target Service is weighted round robin (WRR) and sticky session is disabled.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        5. Create an ingress.
                                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                                          
+
                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                          
+
                                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                                          
+
                                                                                                                                                                                        6. Check the created ingress.
                                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                                          
+
                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                          
+
                                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                                          
+
                                                                                                                                                                                          7. 
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0744.html b/docs/cce/umn/cce_10_0744.html
new file mode 100644
index 000000000..ea6d07bf1
--- /dev/null
+++ b/docs/cce/umn/cce_10_0744.html
@@ -0,0 +1,28 @@
+
+
+
                                                                                                                                                                                          Revoking a Cluster Access Credential
                                                                                                                                                                                          
+
                                                                                                                                                                                          In multi-tenant scenarios, CCE generates a credential (kubeconfig or X.509 certificate) for you to access the corresponding cluster. The credential contains user identity and authorization information so that you can access the cluster and perform authorized operations on it. Credentials ensure security between IAM users for user management and authorization. However, the validity period of a credential is usually fixed. When an employee holding the credential resigns or an authorized credential is disclosed, you need to manually revoke the credential to ensure cluster security.
                                                                                                                                                                                          
+
                                                                                                                                                                                          The credentials can be revoked in the following scenarios:
                                                                                                                                                                                          
+
                                                                                                                                                                                          • IAM users (non-administrators) intend to revoke their own credentials.
                                                                                                                                                                                          • Accounts or administrators (users in the admin user group) can revoke the credentials of other users or delegated accounts.
                                                                                                                                                                                          
+
                                                                                                                                                                                           
                                                                                                                                                                                          After a credential is revoked, the holder of the credential cannot access the cluster, and the revoked credential cannot be restored. Exercise caution when performing this operation.
                                                                                                                                                                                          
+
                                                                                                                                                                                          To access the same cluster, you need to regenerate a credential.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                          A cluster of v1.19.16-r50, v1.21.11-r10, v1.23.9-r10, v1.25.4-r10, v1.27.1-r10, or later is available.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Operations Performed by IAM Users
                                                                                                                                                                                          IAM users can only revoke their own credentials. To revoke a credential, perform the following operations:
                                                                                                                                                                                          
+
                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                          2. Choose Overview in the navigation pane. In the right pane, locate the Connection Information area and click Revoke for Certificate Authentication.
                                                                                                                                                                                          3. In the dialog box displayed, enter REVOKE in the confirmation box and click OK if you are sure you want to revoke the credential.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Operations Performed by Accounts or Administrators
                                                                                                                                                                                          Accounts or administrators (users in the admin user group) can revoke the credentials of other users or delegated accounts. To revoke a credential, see the following operations:
                                                                                                                                                                                          
+
                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                          2. Choose Overview in the navigation pane. In the right pane, locate the Connection Information area and click Revoke for Certificate Authentication.
                                                                                                                                                                                          3. Select a certificate applicant and revoke the certificate. The revoked certificate cannot be restored. Exercise caution when performing this operation.
                                                                                                                                                                                            • User: Select an IAM user and revoke its credential.
                                                                                                                                                                                            • Account: Select an agency account and revoke its credentials.
                                                                                                                                                                                            • Specify User ID/Delegacy ID: If the user has been deleted or you log in to the system through an identity provider, manually enter the user ID. If the delegated account has been deleted, manually enter the delegated ID.
                                                                                                                                                                                              You can use the following solution to obtain the ID:
                                                                                                                                                                                              
+
                                                                                                                                                                                              • If you can obtain the certificate downloaded by the applicant, the name (CN - Common Name) of the certificate is the required ID.
                                                                                                                                                                                              • If you cannot obtain the certificate downloaded by the applicant, use Cloud Trace Service (CTS) to obtain the events of deleting a user (deleteUser) and deleting an agency (deleteAgency). The resource IDs of the events are the IDs of the deleted user and delegated account, respectively.
                                                                                                                                                                                              
+
                                                                                                                                                                                              If the required ID cannot be obtained using the preceding methods, submit a service ticket to O&M personnel.
                                                                                                                                                                                              
+
                                                                                                                                                                                            
+
                                                                                                                                                                                          4. In the dialog box displayed, enter REVOKE in the confirmation box and click OK if you are sure you want to revoke the credential.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Parent topic: Connecting to a Cluster
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_10_0766.html b/docs/cce/umn/cce_10_0766.html
index 41eccc3af..8f5b03f7d 100644
--- a/docs/cce/umn/cce_10_0766.html
+++ b/docs/cce/umn/cce_10_0766.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                          CCE has resolved this issue by using Volcano Scheduler to evict pods that do not comply with the configured policy so that pods can be rescheduled. In this way, the cluster load is balanced and resource fragmentation is minimized.
                                                                                                                                                                                          
 
                                                                                                                                                                                          Features
                                                                                                                                                                                          Load-aware Descheduling
                                                                                                                                                                                          
 
                                                                                                                                                                                          During Kubernetes cluster management, over-utilized nodes are due to high CPU or memory usage, which affects the stable running of pods on these nodes and increases the probability of node faults. To dynamically balance the resource usage between nodes in a cluster, a cluster resource view is required based on node monitoring metrics. During cluster management, real-time monitoring can be used to detect issues such as high resource usage on a node, node faults, and excessive number of pods on a node so that the system can take measures promptly, for example, by migrating some pods from an over-utilized node to under-utilized nodes.
                                                                                                                                                                                          
-
                                                                                                                                                                                          Figure 1 Load-aware descheduling
                                                                                                                                                                                          
+
                                                                                                                                                                                          Figure 1 Load-aware descheduling
                                                                                                                                                                                          
 
                                                                                                                                                                                          When using this add-on, ensure the highThresholds value is greater than the lowThresholds value. Otherwise, the descheduler cannot work.
                                                                                                                                                                                          
 
                                                                                                                                                                                          • Appropriately utilized node: a node whose resource usage is greater than or equal to 30% and less than or equal to 80%. The resource usage of appropriately utilized nodes is within the expected range.
                                                                                                                                                                                          • Over-utilized node: a node whose resource usage is higher than 80%. Some pods will be evicted from over-utilized nodes to reduce its resource usage to be less than or equal to 80%. The descheduler will schedule the evicted pods to under-utilized nodes.
                                                                                                                                                                                          • Under-utilized node: a node whose resource usage is lower than 30%.
                                                                                                                                                                                          
 
                                                                                                                                                                                          HighNodeUtilization
                                                                                                                                                                                          
@@ -16,7 +16,9 @@
 
                                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                                          • Pods need to be rescheduled using a scheduler, and no scheduler can label pods or nodes. Therefore, an evicted pod might be rescheduled to the original node.
                                                                                                                                                                                          • Descheduling does not support anti-affinity between pods. An evicted pod is in anti-affinity relationship with other running pods. Therefore, the scheduler may still schedule the pod back to the node where the pod was evicted from.
                                                                                                                                                                                          • When configuring load-aware descheduling, you are required to enable load-aware scheduling on Volcano Scheduler. When configuring HighNodeUtilization, you are required to enable bin packing on Volcano Scheduler.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Configuring a Load-aware Descheduling Policy
                                                                                                                                                                                          When configuring a load-aware descheduling policy, do as follows to enable load-aware scheduling on Volcano Scheduler:
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable load-aware scheduling. 
                                                                                                                                                                                          2. In the navigation pane, choose Add-ons. Locate Volcano Scheduler on the right and click Install or Edit.
                                                                                                                                                                                          3. In the Parameters area, modify Advanced Settings to configure the load-aware descheduling policy. The following shows a configuration example for Volcano 1.11.21 or later:
                                                                                                                                                                                            {
+
                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable load-aware scheduling. For details, see Load-aware Scheduling.
                                                                                                                                                                                            2. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            3. Configure a load-aware descheduling policy. The following shows a configuration example in JSON format for Volcano v1.11.21 or later:
                                                                                                                                                                                              {
   "colocation_enable": "",
   "default_scheduler_conf": {
     "actions": "allocate, backfill, preempt",
@@ -207,7 +209,7 @@
   "cpu": 60,
   "memory": 65
 }
                                                                                                                                                                                              
-
                                                                                                                                                                                            4. thresholds: threshold for a node to run pods. If the node value is less than the threshold, the node allows evicted pods to run. Example:
                                                                                                                                                                                              {
+
                                                                                                                                                                                            5. thresholds: threshold for a node to run pods. When the CPU or memory usage of a node is less than the threshold, the node allows evicted pods to run. Example:
                                                                                                                                                                                              {
   "cpu": 30,
   "memory": 30
 }
                                                                                                                                                                                              
@@ -221,7 +223,9 @@
 
                                                                                                                                                                                            6. Click OK.
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Configuring a HighNodeUtilization Policy
                                                                                                                                                                                          When configuring a HighNodeUtilization policy, do as follows to enable the bin packing policy on Volcano Scheduler:
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable bin packing. For details, see Bin Packing.
                                                                                                                                                                                          2. In the navigation pane, choose Add-ons. Locate Volcano Scheduler on the right and click Install or Edit.
                                                                                                                                                                                          3. In the Parameters area, modify Advanced Settings to configure the HighNodeUtilization policy.
                                                                                                                                                                                            {
+
                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Settings and click the Scheduling tab on the right side of the page. Then, enable bin packing. For details, see Bin Packing.
                                                                                                                                                                                            2. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            3. Configure a resource defragmentation policy. The following shows a configuration example in JSON format:
                                                                                                                                                                                              {
   "colocation_enable": "",
   "default_scheduler_conf": {
     "actions": "allocate, backfill, preempt",
@@ -399,13 +403,13 @@
 
                                                                                                                                                                                            4. Click OK.
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Use Cases
                                                                                                                                                                                          HighNodeUtilization
                                                                                                                                                                                          
-
                                                                                                                                                                                          1. Check the nodes in a cluster. It is found that some nodes are under-utilized.
                                                                                                                                                                                            
-
                                                                                                                                                                                          2. Edit the Volcano parameters to enable the descheduler and set the CPU and memory usage thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                                                            
-
                                                                                                                                                                                          3. After the policy takes effect, pods on the node with IP address 192.168.44.152 will be migrated to the node with IP address 192.168.54.65 for minimized resource fragments.
                                                                                                                                                                                            
+
                                                                                                                                                                                            1. Check the nodes in a cluster. It is found that some nodes are under-utilized.
                                                                                                                                                                                              
+
                                                                                                                                                                                            2. Edit the Volcano parameters to enable the descheduler and set the CPU and memory usage thresholds to 25. When the CPU and memory usage of a node is less than 25%, pods on the node will be evicted.
                                                                                                                                                                                              
+
                                                                                                                                                                                            3. After the policy takes effect, pods on the node with IP address 192.168.44.152 will be migrated to the node with IP address 192.168.54.65 for minimized resource fragments.
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Common Issues
                                                                                                                                                                                          If an input parameter is incorrect, for example, the entered value is beyond the accepted value range or in an incorrect format, an event will be generated. In this case, modify the parameter setting as prompted.
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0767.html b/docs/cce/umn/cce_10_0767.html
index 2d05410cc..084759e5b 100644
--- a/docs/cce/umn/cce_10_0767.html
+++ b/docs/cce/umn/cce_10_0767.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                          Volcano aims to soft schedule service pods to specified nodes when node soft affinity is not configured on service workloads.
                                                                                                                                                                                          
 
                                                                                                                                                                                          Scheduling Priority
                                                                                                                                                                                          Soft affinity scheduling of a node pool is implemented based on labels in the node pool. Each node in the node pool is scored to select the optimal one for pod scheduling.
                                                                                                                                                                                          
 
                                                                                                                                                                                          The rule is to schedule pods to nodes with specified labels as far as possible.
                                                                                                                                                                                          
-
                                                                                                                                                                                          The formula for scoring a node is as follows:
                                                                                                                                                                                          
+
                                                                                                                                                                                          The scoring formula is as follows:
                                                                                                                                                                                          
 
                                                                                                                                                                                          Node score = Weight x MaxNodeScore x haveLabel
                                                                                                                                                                                          
 
                                                                                                                                                                                          Parameters:
                                                                                                                                                                                          
 
                                                                                                                                                                                          • Weight: weight of the soft affinity add-on in the node pool.
                                                                                                                                                                                          • MaxNodeScore: maximum score (100) of a node.
                                                                                                                                                                                          • haveLabel: whether the labels configured in the add-on are available on a node. If yes, the value is 1. If no, the value is 0.
                                                                                                                                                                                          
@@ -13,7 +13,9 @@
 
                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Configuring Soft Affinity Scheduling for Volcano Node Pools
                                                                                                                                                                                          1. Configure labels for affinity scheduling in the node pool.
                                                                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                                                                            2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                                            3. Click Update of the target node pool. On the page that is displayed, configure labels in the Kubernetes Label area.
                                                                                                                                                                                            
-
                                                                                                                                                                                          2. Choose Add-ons in the navigation pane, locate Volcano Scheduler on the right, click Install or Edit, and configure Volcano scheduler parameters in the Parameters area.
                                                                                                                                                                                            ...
+
                                                                                                                                                                                          3. On the Scheduling tab page, select Volcano scheduler, find the expert mode, and click Try Now.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                          4. Configure Volcano scheduler parameters. The following shows a configuration example in JSON format:
                                                                                                                                                                                            ...
     "default_scheduler_conf": {
         "actions": "allocate, backfill, preempt",
         "tiers": [
diff --git a/docs/cce/umn/cce_10_0768.html b/docs/cce/umn/cce_10_0768.html
index b3a8b7597..b170e54c8 100644
--- a/docs/cce/umn/cce_10_0768.html
+++ b/docs/cce/umn/cce_10_0768.html
@@ -1,8 +1,7 @@
 
 
 
                                                                                                                                                                                            Resource Usage-based Scheduling
                                                                                                                                                                                            
-
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            • Bin Packing
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0773.html b/docs/cce/umn/cce_10_0773.html
index 4397df46f..1247c2802 100644
--- a/docs/cce/umn/cce_10_0773.html
+++ b/docs/cce/umn/cce_10_0773.html
@@ -15,53 +15,54 @@
 
                                                                                                                                                                                              Binpack.weight x (CPU.score + Memory.score + GPU.score)/(CPU.weight + Memory.weight + GPU.weight) x 100
                                                                                                                                                                                              
 
                                                                                                                                                                                              A larger bin packing weight leads to a higher score. A larger resource weight leads to a greater influence in the node score. The parameters in the formula for scoring a node are as follows:
                                                                                                                                                                                              
 
                                                                                                                                                                                              • Binpack.weight: bin packing weight
                                                                                                                                                                                              • CPU.score: calculated CPU score; CPU.weight: customized CPU weight
                                                                                                                                                                                              • Memory.score: calculated memory score; Memory.weight: customized memory weight
                                                                                                                                                                                              • GPU.score: calculated GPU score; GPU.weight: customized GPU weight
                                                                                                                                                                                              
-
                                                                                                                                                                                              Figure 1 Bin packing example
                                                                                                                                                                                              
+
                                                                                                                                                                                              Figure 1 Bin packing example
                                                                                                                                                                                              
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            As shown in the figure, there are two nodes in the cluster. When pods need to be scheduled, the bin packing policy scores the two nodes separately.
                                                                                                                                                                                            
-
                                                                                                                                                                                            1. The scoring for node 1 is as follows:
                                                                                                                                                                                              Each resource is scored using the following formula: CPU.weight x (Requested + Used)/Allocatable
                                                                                                                                                                                              
-
                                                                                                                                                                                              • CPU score: 1 x (2 + 4)/8 = 0.75
                                                                                                                                                                                              • Memory score: 1 x (4 + 8)/16 = 0.75
                                                                                                                                                                                              • GPU score: 2 x (4 + 4)/8 = 1
                                                                                                                                                                                              
+
                                                                                                                                                                                              In this figure, there are two nodes in the cluster. When pods need to be scheduled, the bin packing policy scores the two nodes separately.
                                                                                                                                                                                              
+
                                                                                                                                                                                              For example, CPU.weight is set to 1, Memory.weight is set to 1, GPU.weight is set to 2, and binpack.weight is set to 5 in a cluster.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Scoring for node 1
                                                                                                                                                                                                The score of each resource type is calculated using the following formulas:
                                                                                                                                                                                                
+
                                                                                                                                                                                                • CPU: CPU.weight x (Requested + Used)/Allocatable = 1 x (2 + 4)/8 = 0.75
                                                                                                                                                                                                • Memory: Memory.weight x (Requested + Used)/Allocatable = 1 x (4 + 8)/16 = 0.75
                                                                                                                                                                                                • GPU: GPU.weight x (Requested + Used)/Allocatable = 2 x (4 + 4)/8 = 2
                                                                                                                                                                                                
 
                                                                                                                                                                                                The total score of each node is calculated using the following formula: Binpack.weight x (CPU.score + Memory.score + GPU.score)/(CPU.weight + Memory.weight + GPU.weight) x 100
                                                                                                                                                                                                
-
                                                                                                                                                                                                Score of node 1: 5 x (0.75 + 0.75 + 1)/(1 + 1 + 2) x 100 = 312.5
                                                                                                                                                                                                
-
                                                                                                                                                                                              2. The scoring for node 2 is as follows:
                                                                                                                                                                                                • CPU score: 1 x (2 + 6)/8 = 1
                                                                                                                                                                                                • Memory score: 1 x (4 + 8)/16 = 0.75
                                                                                                                                                                                                • GPU score: 2 x (4 + 4)/8 = 1
                                                                                                                                                                                                
-
                                                                                                                                                                                                Score of node 2: 5 x (1 + 0.75 + 1)/(1 + 1 + 2) x 100 = 343.75
                                                                                                                                                                                                
+
                                                                                                                                                                                                If binpack.weight is set to 5, the score of node 1 is calculated as follows: 5 x (0.75 + 0.75 + 2)/(1 + 1 + 2) x 100 = 437.5
                                                                                                                                                                                                
+
                                                                                                                                                                                              3. Scoring for node 2
                                                                                                                                                                                                • CPU: CPU.weight x (Requested + Used)/Allocatable = 1 x (2 + 6)/8 = 1
                                                                                                                                                                                                • Memory: Memory.weight x (Requested + Used)/Allocatable = 1 x (4 + 8)/16 = 0.75
                                                                                                                                                                                                • GPU: GPU.weight x (Requested + Used)/Allocatable = 2 x (4 + 4)/8 = 2
                                                                                                                                                                                                
+
                                                                                                                                                                                                Score of node 2: 5 x (1 + 0.75 + 2)/(1 + 1 + 2) x 100 = 468.75
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              The calculation results show that the score of node 2 is greater than that of node 1. According to the bin packing policy, new pods will be preferentially scheduled to node 2.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Configuring Bin Packing
                                                                                                                                                                                              After Volcano is installed, bin packing takes effect by default. If the default configuration cannot meet your requirements, you can customize the weight of bin packing and the weight of each resource on the Scheduling page. To do so, perform the following operations:
                                                                                                                                                                                              
-
                                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                                              3. In the Resource utilization optimization scheduling area, modify the bin packing settings.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Table 1 Bin packing weight
                                                                                                                                                                                                Item
                                                                                                                                                                                                
+
                                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                                                3. In the Resource utilization optimization scheduling configuration, enable bin packing.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0774.html b/docs/cce/umn/cce_10_0774.html
index 750665eaf..4aff68f84 100644
--- a/docs/cce/umn/cce_10_0774.html
+++ b/docs/cce/umn/cce_10_0774.html
@@ -1,8 +1,7 @@
 
                                                                                                                                                                                                  Priority-based Scheduling
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  • Priority-based Scheduling
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0775.html b/docs/cce/umn/cce_10_0775.html
index ad7102639..1a53efa64 100644
--- a/docs/cce/umn/cce_10_0775.html
+++ b/docs/cce/umn/cce_10_0775.html
@@ -7,19 +7,15 @@
 
                                                                                                                                                                                                    Overview
                                                                                                                                                                                                    The services running in a cluster are diversified, including core services, non-core services, online services, and offline services. You can configure priorities for different services based on service importance and SLA requirements. For example, configure a high priority for core services and online services so that such services preferentially obtain cluster resources. 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Table 1 lists the priority-based scheduling supported by CCE clusters.
                                                                                                                                                                                                    
 
-
                                                                                                                                                                                                  Table 1 Bin packing weights
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Default Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Value
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Binpack Scheduling Strategy Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Binpack Scheduling Strategy Weight
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  A larger value indicates a higher weight of the bin packing policy in overall scheduling.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher weight of the bin packing policy in overall scheduling.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  10
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  10
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  CPU Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CPU Weight
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  A larger value indicates a higher cluster CPU usage.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher cluster CPU usage.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  Memory Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Memory Weight
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  A larger value indicates a higher cluster memory usage.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher cluster memory usage.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  Custom Resource Type
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Custom Resource Type
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Other custom resource types requested by pods, for example, nvidia.com/gpu. A larger value indicates a higher usage of the specified cluster resource.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Other custom resource types requested by pods, for example, nvidia.com/gpu. A larger value indicates a higher usage of the specified cluster resource.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  None
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  None
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   
 
 
 
                                                                                                                                                                                                  Table 1 Priority-based scheduling
                                                                                                                                                                                                  Scheduling Type
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0776.html b/docs/cce/umn/cce_10_0776.html
index 1e774a730..4c3753d16 100644
--- a/docs/cce/umn/cce_10_0776.html
+++ b/docs/cce/umn/cce_10_0776.html
@@ -1,8 +1,7 @@
 
                                                                                                                                                                                                  AI Performance-based Scheduling
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  • DRF
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0777.html b/docs/cce/umn/cce_10_0777.html
index 9a68e655d..db8791d27 100644
--- a/docs/cce/umn/cce_10_0777.html
+++ b/docs/cce/umn/cce_10_0777.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                                    Share = Total requested resources/Cluster resources
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    If a job involves multiple resources, the resource with the largest share value is the dominant resource. The share value of the dominant resource will be used in priority-based scheduling.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    For example, there are two workloads, job 1 and job 2. The following figure shows the resources requested by the two jobs. After DRF calculation, the dominant resource of job 1 is memory, and its share value is 0.4; the dominant resource of job 2 is CPU, and its share value is 0.5. Since the dominant resource share of job 1 is less than that of job 2, job 1 takes precedence over job 2 in scheduling according to the max-min fairness policy.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Figure 1 DRF scheduling
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Figure 1 DRF scheduling
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Configuring DRF
                                                                                                                                                                                                    After Volcano is installed, you can enable or disable DRF scheduling on the Scheduling page. This function is enabled by default.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                    2. Click the cluster name to access the cluster console. Choose Settings in the navigation pane. In the right pane, click the Scheduling tab.
                                                                                                                                                                                                    3. In the AI task performance enhanced scheduling pane, select whether to enable DRF.
                                                                                                                                                                                                      This function helps you enhance the service throughput of the cluster and improve service running performance.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    4. Click Confirm.
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0781.html b/docs/cce/umn/cce_10_0781.html
new file mode 100644
index 000000000..51aaaef55
--- /dev/null
+++ b/docs/cce/umn/cce_10_0781.html
@@ -0,0 +1,25 @@
+
+
+
                                                                                                                                                                                                    Settings
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0782.html b/docs/cce/umn/cce_10_0782.html
new file mode 100644
index 000000000..9b2fa1aba
--- /dev/null
+++ b/docs/cce/umn/cce_10_0782.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                                    Dashboard
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Settings offers you an entry to check and modify the basic settings of clusters. It includes information from dimension like Cluster Information, Cluster Settings, Master Node AZs, and Installed Add-ons.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Accessing the Settings
                                                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                    2. In the navigation pane, choose Settings and click the Dashboard tab.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Cluster Information
                                                                                                                                                                                                    It includes:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • ID: uniquely identifies a cluster resource. It is automatically generated after a cluster is created and can be used in scenarios such as API calling.
                                                                                                                                                                                                    • Current Name: After a cluster is created, you can click  to change its name.
                                                                                                                                                                                                    • Original Name: specifies a cluster's original name after its current name is changed. The current name of a cluster must be unique.
                                                                                                                                                                                                    • Status: specifies the status of a cluster. For details, see Cluster Lifecycle.
                                                                                                                                                                                                    • Type: specifies whether a cluster is a CCE standard or a CCE Turbo cluster. For details about the differences between CCE standard and CCE Turbo clusters, see Comparison Between Cluster Types.
                                                                                                                                                                                                    • Created On: specifies the time when a cluster was created. You will be billed based on the creation time of clusters.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Cluster Settings
                                                                                                                                                                                                    After a cluster is created, you can modify the following items for it:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • Cluster Scale: specifies how many nodes a cluster can manage at most. You can change the cluster scale as needed. For details, see Changing Cluster Scale.
                                                                                                                                                                                                    • Cluster Version | Patch Version: specifies the Kubernetes version and CCE patch version of a cluster.
                                                                                                                                                                                                    • Network Model: specifies the network model of a cluster, which cannot be changed. For details about network models, see Container Network.
                                                                                                                                                                                                    • Resource Tag: You can add resource tags to classify resources.
                                                                                                                                                                                                    • Cluster Description: specifies the description that you entered for a cluster. A maximum of 200 characters are allowed.
                                                                                                                                                                                                    • Cluster Deletion Protection: A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Master Node AZs
                                                                                                                                                                                                    You can check how many master nodes are supported in a cluster. 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Installed Add-ons
                                                                                                                                                                                                    You can check the installed add-ons in a cluster. If there is an add-on to be upgraded in the cluster, click Go to Upgrade to go to the Add-ons page and see more details.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Settings
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0783.html b/docs/cce/umn/cce_10_0783.html
new file mode 100644
index 000000000..703bf87e3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0783.html
@@ -0,0 +1,83 @@
+
+
+
                                                                                                                                                                                                    Cluster Access
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Access Mode
                                                                                                                                                                                                    • kubectl: You need to download and configure the kubectl and kubeconfig configuration files first, and then use kubectl to access a Kubernetes cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    • EIP: You can bind an EIP to the cluster API server. Then, the cluster API server can access the public network.
                                                                                                                                                                                                       
                                                                                                                                                                                                      • Binding an EIP to a cluster could bring the cluster potential access risks from the public network. You are advised to harden the inbound rule of port 5443 for the master node security group. 
                                                                                                                                                                                                      • This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • Custom SAN: The Subject Alternative Name (SAN) allows multiple values (including IP addresses and domain names) to be associated with certificates. After the custom SAN is configured in the cluster access certificate, the cluster can be accessed using the domain names or IP addresses specified by the SAN. For details, see Accessing a Cluster Using a Custom Domain Name.
                                                                                                                                                                                                       
                                                                                                                                                                                                      This operation will restart kube-apiserver and update the cluster access certificate (kubeconfig). Do not perform any operations on the cluster during this time.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Authentication
                                                                                                                                                                                                    CCE allows you to download the X509 certificate, which contains the client.key, client.crt, and ca.crt files. Keep your certificate secure.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    For details about how to use a certificate to access clusters, see Accessing a Cluster Using an X.509 Certificate.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    CCE supports X.509 certificate revocation. For details about how to revoke a cluster credential, see Revoking a Cluster Access Credential.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Server Request Settings
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  Table 1 Priority-based scheduling
                                                                                                                                                                                                  Scheduling Type
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Scheduler
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Priority-based scheduling
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Priority-based scheduling
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  The scheduler preferentially guarantees the running of high-priority pods, but will not evict low-priority pods that are running. Priority-based scheduling is enabled by default and cannot be disabled.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kube-scheduler or Volcano scheduler
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The scheduler preferentially guarantees the running of high-priority pods, but will not evict low-priority pods that are running. Priority-based scheduling is enabled by default and cannot be disabled.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   
 
 
 
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Maximum Number of Concurrent Modification API Calls
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  max-mutating-requests-inflight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Maximum number of concurrent modification API calls. Any requests that exceeding the specified value will be rejected by the server.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The value 0 specifies that there is no limitation on the maximum number of concurrent modification calls. This parameter is related to the cluster scale. You are advised not to change the value.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Manual configuration is no longer supported since clusters of v1.21. The value is automatically specified based on the cluster scale:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • 200 for clusters with 50 or 200 worker nodes
                                                                                                                                                                                                  • 500 for clusters with 1000 worker nodes
                                                                                                                                                                                                  • 1000 for clusters with 2000 worker nodes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Maximum Number of Concurrent Non-Modification API Calls
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  max-requests-inflight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Maximum number of concurrent non-modification API calls. Any requests that exceeding the specified value will be rejected by the server.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The value 0 specifies that there is no limitation on the maximum number of concurrent non-modification calls. This parameter is related to the cluster scale. You are advised not to change the value.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Manual configuration is no longer supported since clusters of v1.21. The value is automatically specified based on the cluster scale:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • 400 for clusters with 50 or 200 worker nodes
                                                                                                                                                                                                  • 1000 for clusters with 1000 worker nodes
                                                                                                                                                                                                  • 2000 for clusters with 2000 worker nodes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Request Timeout
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  request-timeout
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default request timeout interval of kube-apiserver. Exercise caution when changing the value of this parameter. Ensure that the changed value is proper to prevent frequent API timeout or other errors.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is available only in clusters of v1.19.16-r30, v1.21.10-r10, v1.23.8-r10, v1.25.3-r10, and later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1m0s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Options:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Min ≥ 1s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Max ≤ 1 hour
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Overload Control
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  support-overload
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster overload control. If enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23 or later.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  In particular scenarios, such as request burst over a short period of time, a cluster could still be overloaded even though overload control is enabled for it. In such cases, you are advised to manage and control access to the cluster in a timely manner.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  None
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0784.html b/docs/cce/umn/cce_10_0784.html
new file mode 100644
index 000000000..7b2074614
--- /dev/null
+++ b/docs/cce/umn/cce_10_0784.html
@@ -0,0 +1,175 @@
+
+
+
                                                                                                                                                                                                  Network
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can configure a default security group and secondary CIDR block for your clusters.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster Network
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Parameters
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC where a cluster resides
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC enables you to provision logically isolated, configurable, manageable virtual networks for cloud servers, cloud containers, and cloud databases. The VPC gives you complete control over your virtual network, allowing you to select your own IP address range, create subnets, configure security groups, and even assign EIPs and allocate bandwidth in your network, enabling secure and easy access to your business system.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC CIDR Block
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC CIDR Block of a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Node Subnet
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node subnet of a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A subnet is a network that manages ECS network planes. It supports IP address management and DNS. ECSs in a subnet are assigned with its IP addresses.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  By default, ECSs in all subnets of the same VPC can communicate with one another, but ECSs in different VPCs cannot.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can create a VPC peering connection to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Node Subnet | IPv4 CIDR Block
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node subnet CIDR block of a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Network Model
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Network model of a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  After a cluster is created, its network model cannot be changed. For details about the comparison between different network models, see Overview.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Node Security Group
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default security group of the worker nodes in a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can select a custom security group as the default node security group for a cluster, and you need to allow traffic from specified ports in the security group to ensure normal communications in the cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If the custom security group needs some modifications, the modified security group applies only to newly created or accepted nodes. For existing nodes, you need to manually modify the security group rules.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CIDR blocks for non-masquerading access (available only in clusters using the VPC network model)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  In a cluster using a VPC network, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are regarded as private CIDR blocks of the cluster by default. If the VPC to which the cluster resides uses a secondary CIDR block, operations such as creating or resetting a node will also add the secondary CIDR block to the private CIDR blocks.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address. Instead, the upper-layer VPC can directly send the pod data packet to the destination, which means, the pod IP address is directly used to communicate with the private CIDR block in the cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This function is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions. 
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  To enable a node to access a pod in another node, the node CIDR block must be added to this parameter.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Similarly, to enable an ECS to access the IP address of a pod in a cluster that is in the same VPC as the ECS, the ECS CIDR block must be added to this parameter.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Pod's Access to Metadata (available only in CCE Turbo clusters)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Whether to allow pods in a cluster to access the node metadata, such as AZs and enterprise project IDs. This function is available only in clusters of v1.23.13-r0, v1.25.8-r0, v1.27.5-r0, v1.28.3-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • If a pod is created when the function is enabled, whether it can access metadata depends on the function status.
                                                                                                                                                                                                  • If a pod is created when the function is disabled or in a cluster of an earlier version, it cannot access metadata regardless of the function status. To grant a pod access to metadata, it must be rebuilt while the function is enabled.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Service Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 2 Parameters
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Request Forwarding
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Forwarding mode of a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  After a cluster is created, the service forwarding mode cannot be changed. IPVS and iptables are supported. For details, see Comparing iptables and IPVS.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Service CIDR Block
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Each Service in a cluster has its own IP address. When creating a CCE cluster, you can specify the Service address range (Service CIDR block). The Service CIDR block cannot overlap with the subnet or the container CIDR block. The Service CIDR block can be used only within a cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Service Port Range
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  NodePort port range
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The default port range is 30000 to 32767. The port range can be changed to 20106 to 32767. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed from external networks.
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  If the port number is smaller than 20106, a conflict may occur between the port and the system health check port, which may further lead to unavailable cluster. If the port number is greater than 32767, a conflict may occur between the port and the random port of the OS, which may further affect the performance.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Container CIDR Blocks (Available only in Clusters Using the VPC Network Model)
                                                                                                                                                                                                  If a container CIDR block configured during cluster creation cannot meet service expansion requirements, you can add more container CIDR blocks. For details, see Adding a Container CIDR Block for a Cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  • This function is available only for clusters of v1.19 or later using a VPC network.
                                                                                                                                                                                                  • An added container CIDR block cannot be deleted.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Container Network (Available only in CCE Turbo Clusters)
                                                                                                                                                                                                  If you want different namespaces or workloads to use different subnet CIDR blocks or security groups, you can create a policy to associate subnets or security groups with namespaces or workloads. For details, see Binding a Subnet and Security Group to a Namespace or Workload Using a Container Network Configuration.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Associating a pod with a subnet: The pod IP address is restricted in a specific CIDR block. The networks between different namespaces or workloads are isolated from each other.
                                                                                                                                                                                                  • Associating a pod with a security group: You can configure security group rules for pods in the same namespace or workload to customize access policies.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  This configuration is supported only by CCE Turbo clusters. Pod subnets can be deleted from clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Container Network Pre-binding Settings (Available only in CCE Turbo Clusters)
                                                                                                                                                                                                  A CCE Turbo cluster requests for and binds an ENI or sub-ENI to each pod. Pods support fast scaling. However, it takes some time to create and bind an ENI to a pod, which slows down the pod startup speed if large-scale ENIs are to be created in batches. Dynamic container ENI pre-binding is enabled by default to speed up pod startup while improving the IP address usage. Cluster pre-binding policies take effect globally. Cluster nodes will pre-bind container ENIs based on the configured policies. To configure a separate pre-binding policy for a group of nodes, enable node pool pre-binding.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  This configuration is supported only by CCE Turbo clusters.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  All Container ENI Pre-binding
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • After this function is enabled, your cluster nodes will request for and bind the maximum number of ENIs supported by the node flavor. For example, if the maximum number of sub-ENIs supported by s7.large.2 nodes is 16, CCE will dynamically pre-bind 16 sub-ENIs to each node of this flavor.
                                                                                                                                                                                                  • After this function is disabled, you can customize the pre-binding parameters on the console.
+
                                                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                    Table 3 Parameters of the dynamic ENI pre-binding policy
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default Value
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Description
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Suggestion
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Minimum Number of Container ENIs Bound to a Node
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    10
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Minimum number of container ENIs bound to a node.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The parameter value must be a positive integer. The value 10 indicates that there are at least 10 container ENIs bound to a node. If the number you entered exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Configure these parameters based on the number of pods.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Upper Limit of Pre-bound Container ENIs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    0
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If the number of ENIs bound to a node exceeds the value of nic-maximum-target, the system does not proactively pre-bind ENIs.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If the value of this parameter is greater than or equal to the value of nic-minimum-target, the check on the maximum number of the pre-bound ENIs is enabled. Otherwise, the check is disabled.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The parameter value must be a positive integer. The value 0 indicates that the check on the upper limit of pre-bound container ENIs is disabled. If the number you entered exceeds the container ENI quota of the node, the ENI quota will be used.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Configure these parameters based on the number of pods.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Container ENIs Dynamically Pre-bound to a Node
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    2
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Minimum number of pre-bound ENIs on a node. The value must be a number.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    When the value of nic-warm-target + the number of bound ENIs is greater than the value of nic-maximum-target, the system will pre-bind ENIs based on the difference between the value of nic-maximum-target and the number of bound ENIs.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Set this parameter to the number of pods that can be scaled out instantaneously within 10 seconds.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Threshold for Unbinding Pre-bound Container ENIs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    2
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Only when the number of idle ENIs on a node minus the value of nic-warm-target is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • Setting a larger value of this parameter slows down the recycling of idle ENIs and accelerates pod startup. However, the IP address usage decreases, especially when IP addresses are insufficient. Therefore, exercise caution when increasing the value of this parameter.
                                                                                                                                                                                                    • Setting a smaller value of this parameter accelerates the recycling of idle ENIs and improves the IP address usage. However, when a large number of pods increase instantaneously, the startup of some pods slows down.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Set this parameter based on the difference between the number of pods that are frequently scaled on most nodes within minutes and the number of pods that are instantly scaled out on most nodes within 10 seconds.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0785.html b/docs/cce/umn/cce_10_0785.html
new file mode 100644
index 000000000..9f40782bf
--- /dev/null
+++ b/docs/cce/umn/cce_10_0785.html
@@ -0,0 +1,110 @@
+
+
+
                                                                                                                                                                                                  Scheduling
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Basic kube-scheduler configurations and Volcano-backed advanced scheduling are available. You can enable advanced scheduling functions such as bin packing, priority-based scheduling and preemption, AI task performance enhancement, and heterogeneous resource management for improved cluster resource utilization at low costs.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kube-scheduler
                                                                                                                                                                                                  kube-scheduler provides the community native, standard scheduling capabilities.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Before enabling volcano enhanced capabilities, install Volcano Scheduler. Enabling this function will provide advanced scheduling capabilities, including optimizing resource utilization, enhancing AI job performance, and managing heterogeneous resources. This will ultimately improve cluster resource utilization and reduce costs.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enhanced configurations of the Volcano scheduler:
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Scheduler Configuration
                                                                                                                                                                                                   
                                                                                                                                                                                                  Only kube-scheduler supports this configuration.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  QPS for communicating with kube-apiserver
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kube-api-qps
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  QPS for communication with kube-apiserver
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • If the number of nodes in a cluster is less than 1,000, the default value is 100.
                                                                                                                                                                                                  • If the number of nodes in a cluster is 1,000 or more, the default value is 200.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Burst for communicating with kube-apiserver
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kube-api-burst
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Burst for communication with kube-apiserver
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • If the number of nodes in a cluster is less than 1,000, the default value is 100.
                                                                                                                                                                                                  • If the number of nodes in a cluster is 1,000 or more, the default value is 200.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Priority-based Scheduling
                                                                                                                                                                                                  Scheduling based on priority
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This is a basic scheduling capability and cannot be disabled. The scheduler preferentially guarantees the running of high-priority pods, and will not evict low-priority pods that are running. 
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Resource Utilization Optimization Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                                                                  Bin packing
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  With this option enabled, the cluster scheduler schedules pods to nodes that have the most requested resources. This reduces resource fragments on each node and improves the resource utilization of the cluster. For details, see Bin Packing.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  For details about the bin packing weight and weights for each resource to score nodes, see Table 2.
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 2 Bin packing weight
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Binpack Scheduling Strategy Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher weight of the bin packing policy in overall scheduling.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  10
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CPU Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher cluster CPU usage.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Memory Weight
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A larger value indicates a higher cluster memory usage.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Custom Resource Type
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Other custom resource types requested by pods, for example, nvidia.com/gpu. A larger value indicates a higher usage of the specified cluster resource.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  None
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enable load-aware scheduling (usage)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This function uses the Cloud Native Cluster Monitoring (kube-prometheus-stack) add-on to obtain the actual CPU and memory load of each node, calculates the average load of each node based on the specified period, and preferentially schedules jobs to the node with the lightest load to balance load. For details, see Load-aware Scheduling.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  AI Task Performance Enhanced Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                                                                  Fair Scheduling Policy (DRF)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Dominant Resource Fairness (DRF) is a scheduling algorithm based on the dominant resource of a container group. It supports fair allocation of multiple types of resources and is suitable for batch AI training and big data jobs. DRF is suitable for batch process small scale services like single AI model training and single big data computing and query, because it preferentially considers the throughput of services in clusters.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  DRF helps you enhance the service throughput of clusters and improve service performance. For details, see DRF.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Workload Group Scheduling Policy (Gang)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Gang scheduling meets the scheduling requirements of "All or nothing" in the scheduling process and avoids the waste of cluster resources caused by arbitrary scheduling of pods. It is mainly used in scenarios that require multi-process collaboration, such as AI and big data scenarios.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Gang scheduling effectively resolves pain points such as resource waiting or deadlocks in distributed training jobs, thereby significantly improving the utilization of cluster resources. For details, see Gang.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Heterogeneous Resource Scheduling (Supported by the Volcano Scheduler)
                                                                                                                                                                                                  Support GPU resource scheduling
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  To use this capability, the CCE AI Suite (NVIDIA GPU) add-on (CCE AI Suite (NVIDIA GPU)) must be installed. With this option enabled, GPUs can be used for AI training jobs, and the scheduler provides full GPU dispatch and GPU sharing to improve resource utilization.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0786.html b/docs/cce/umn/cce_10_0786.html
new file mode 100644
index 000000000..32dd7f100
--- /dev/null
+++ b/docs/cce/umn/cce_10_0786.html
@@ -0,0 +1,75 @@
+
+
+
                                                                                                                                                                                                  Auto Scaling
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Auto Scale-Out Configuration
                                                                                                                                                                                                  CCE Cluster Autoscaler comprehensively checks the resource statuses of an entire cluster. When the load of a microservice is high (for example, the CPU or memory usage is too high), it will add more pods to reduce the load.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Capacity Expansion Conditions
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Auto scale-out when the workload cannot be scheduled: If a workload pod cannot be scheduled, the system automatically scales out the node pool with auto scaling enabled. If the pod has been configured to be affinity for a node, the system will not automatically add more nodes.
                                                                                                                                                                                                    Such auto scaling works with an HPA policy. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • User-defined policy switch: specifies whether to automatically scale out a node pool based on the node scaling policies. This function is enabled by default.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Upper limit of resources to be expanded
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Total Nodes: specifies how many nodes can be present in a cluster during scale-out. If there are more nodes in the cluster than the specified value, the cluster will not add nodes. The default value is determined by how many nodes a cluster can manage at most.
                                                                                                                                                                                                  • Total Cores: specifies how many cores on all nodes can be present in a cluster during scale-out. If there are more cores in the cluster than the specified value, the cluster will not add nodes. By default, the number is not limited.
                                                                                                                                                                                                  • Total Memory (GiB): specifies the upper limit of the total memory of all nodes in a cluster during scale-out. If the total memory exceeds the specified value, the cluster will not add nodes. By default, the number is not limited.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  When the total number of nodes, CPUs, and memory is collected, unavailable nodes in custom node pools are included but unavailable nodes in the default node pool are not included.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Scale-Out Priority
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can drag and drop node pools in the list to adjust their scale-out priorities.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Auto Scale-In Configuration
                                                                                                                                                                                                  CCE Cluster Autoscaler comprehensively checks the resource statuses of an entire cluster. Once it confirms that workload pods can be scheduled and run properly, it automatically obtains nodes for scale-in.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Scale-In Conditions
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Node Resource Condition: When the requested cluster node resources (both CPU and memory) are lower than a certain percentage (50% by default) for a period of time (10 minutes by default), a cluster scale-in is triggered.
                                                                                                                                                                                                  • Node Status Condition: If a node is unavailable for a specified period of time, the node will be automatically reclaimed. The default value is 20 minutes.
                                                                                                                                                                                                  • Scale-in Exception Scenarios: When a node meets the following exception scenarios, CCE will not scale in the node even if the node resources or status meets scale-in conditions:
                                                                                                                                                                                                    1. Resources on other nodes in the cluster are insufficient.
                                                                                                                                                                                                    2. Scale-in protection is enabled on the node. To enable or disable node scale-in protection, choose Nodes in the navigation pane and then click the Nodes tab. Locate the target node, choose More, and then enable or disable node scale-in protection in the Operation column.
                                                                                                                                                                                                    3. There is a pod with the non-scale label on the node.
                                                                                                                                                                                                    4. Policies such as reliability have been configured on some containers on the node.
                                                                                                                                                                                                    5. There are non-DaemonSet containers in the kube-system namespace on the node.
                                                                                                                                                                                                    6. (Optional) A container managed by a third-party pod controller is running on a node. Third-party pod controllers are for custom workloads except Kubernetes-native workloads such as Deployments and StatefulSets. Such controllers can be created using CustomResourceDefinitions.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Scale-In Policy
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Node scale-in policy configurations
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Number of Concurrent Scale-In Requests
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Maximum number of idle nodes that can be deleted concurrently.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Only idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  During a node scale-in, if the pods on the node do not need to be evicted (such as DaemonSet pods), the node is idle. Otherwise, the node is not idle.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  10
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Recheck Timeout
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Interval for rechecking a node that could not be removed
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  5 minutes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cooldown Time
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cooldown period for starting scale-in evaluation again after auto scale-in is triggered in a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  If both auto scale-out and scale-in exist in a cluster, set this parameter to 0 minutes. This prevents the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, which results in unexpected waste of node resources.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  10 minutes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cooldown period for starting scale-in evaluation again after auto scale-out is triggered in a cluster
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  10 minutes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cooldown period for starting scale-in evaluation again after auto scale-in triggered in a cluster failed
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  3 minutes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0787.html b/docs/cce/umn/cce_10_0787.html
new file mode 100644
index 000000000..8c550f560
--- /dev/null
+++ b/docs/cce/umn/cce_10_0787.html
@@ -0,0 +1,506 @@
+
+
+
                                                                                                                                                                                                  Kubernetes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Typical native configuration items are provided. You can configure native community management components such as kube-apiserver and kube-controller for the best cloud native experience.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  API Server Configuration (kube-apiserver)
                                                                                                                                                                                                  Container eviction configuration
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  By default, the default tolerance time applies to all containers in a cluster. You can also configure different tolerance times for pods. In this case, your custom settings take effect.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  It is recommended that you properly configure the tolerance times for pods, or certain problems may occur.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • If the parameter is set to a low value, containers may be moved frequently during brief fault scenarios like network jitter, which can impact services.
                                                                                                                                                                                                  • If the parameter is set to a high value, containers may not be moved for a long period of time in the event of a node failure, which can impact services.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Toleration time for nodes in NotReady state
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  default-not-ready-toleration-seconds
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Tolerance time when a node is not ready. If a node becomes unavailable, pods running on the node are evicted automatically after the tolerance time elapses. The default value is 300s.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 300s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Toleration time for nodes in unreachable state
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  default-unreachable-toleration-seconds
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Tolerance time when a node is unreachable. If the environment is abnormal, for example, a node cannot be accessed (due to reasons such as abnormal node network), pods running on the node are evicted automatically after the tolerance time elapses. The default value is 300s.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 300s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Admission Controller Add-on Configurations
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  With Kubernetes, you can enable admission add-ons to limit and manage Kubernetes API objects (like pods, Services, and Deployments) prior to modifying them within a cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 2 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Restriction Add-on
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  enable-admission-plugin-node-restriction
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This add-on allows the kubelet of a node to operate only the objects of the current node for enhanced isolation in multi-tenant scenarios or the scenarios with high security requirements. For details, see the official documentation.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enable/Disable
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Pod Node Selector Add-on
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  enable-admission-plugin-pod-node-selector
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This add-on allows cluster administrators to configure the default node selector through namespace annotations. In this way, pods run only on specific nodes and configurations are simplified.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enable/Disable
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Pod Toleration Limit Add-on
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  enable-admission-plugin-pod-toleration-restriction
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This add-on allows cluster administrators to configure the default value and limits of pod tolerations through namespaces for fine-grained control over pod scheduling and key resource protection.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enable/Disable
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Service Account Token Volume Projection
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Kubelet can project a service account token into a pod. You can specify the desired properties of the token, such as the API audiences. The token will become invalid against the API when either the pod or the service account is deleted. For details, see the official document.
                                                                                                                                                                                                   
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 3 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  API Audience Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  api-audiences
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Audiences for a service account token. The Kubernetes component for authenticating service account tokens checks whether the token used in an API request specifies authorized audiences.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: Accurately configure audiences according to the communication needs among cluster services. By doing so, the service account token is used for authentication only between authorized services, which enhances security.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  An incorrect configuration may lead to an authentication communication failure between services or an error during token verification.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default value: "https://kubernetes.default.svc.cluster.local"
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Multiple values can be configured, which are separated by commas (,).
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Service Account Token Issuer Identity
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  service-account-issuer
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Entity identifier for issuing a service account token, which is the value identified by the iss field in the payload of the service account token.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: Ensure the configured issuer URL can be accessed in the cluster and trusted by the authentication system in the cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  If your specified issuer URL is untrusted or inaccessible, the authentication process based on the service account may fail.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default value: "https://kubernetes.default.svc.cluster.local"
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Multiple values can be configured, which are separated by commas (,).
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Controller Configuration (kube-controller-manager)
                                                                                                                                                                                                  Common Configurations of the Controller
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Controller performance configuration: used to configure performance parameters for the controller to access kube-apiserver.
                                                                                                                                                                                                     
                                                                                                                                                                                                    It is recommended that you properly configure the controller performance settings, or certain problems may occur.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • If a parameter is set to a small value, client traffic limiting may be triggered, affecting controller performance.
                                                                                                                                                                                                    • If a parameter is set to a large value, kube-apiserver may be overloaded.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
+
                                                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                    Table 4 Parameters
                                                                                                                                                                                                    Item
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Description
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Value
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    QPS for communicating with kube-apiserver
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    kube-api-qps
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    QPS for communication with kube-apiserver
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • If the number of nodes in a cluster is less than 1,000, the default value is 100.
                                                                                                                                                                                                    • If the number of nodes in a cluster is 1,000 or more, the default value is 200.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Burst for communicating with kube-apiserver
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    kube-api-burst
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Burst for communication with kube-apiserver
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • If the number of nodes in a cluster is less than 1,000, the default value is 100.
                                                                                                                                                                                                    • If the number of nodes in a cluster is 1,000 or more, the default value is 200.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Cluster controller concurrent configuration: specifies the number of resource objects that are allowed to synchronize simultaneously. A larger value indicates a quicker response and higher CPU (and network) load.
                                                                                                                                                                                                     
                                                                                                                                                                                                    It is recommended that you properly configure the controller concurrency, or certain problems may occur.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • If a parameter is set to a small value, the controller may respond slowly.
                                                                                                                                                                                                    • If a parameter is set to a large value, the cluster management plane will be overloaded.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
+
                                                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                    Table 5 Parameters
                                                                                                                                                                                                    Item
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Description
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Value
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of concurrent processing of deployment
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-deployment-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of Deployment objects that can be synchronized concurrently. A larger value indicates a quicker response to Deployments and higher CPU (and network bandwidth) pressure.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent processing number of endpoint
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-endpoint-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of endpoints that can be concurrently synchronized. A larger value indicates faster update of endpoints and higher CPU (and network) pressure.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent number of garbage collectors
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-gc-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of garbage collector workers that are allowed to synchronize concurrently.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 20
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of job objects allowed to sync simultaneously
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-job-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of job objects that can be synchronized concurrently. A larger value indicates a quicker response to jobs and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of CronJob objects allowed to sync simultaneously
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-cron-job-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of CronJob objects that can be synchronized concurrently. A larger value indicates a quicker response to CronJobs and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of concurrent processing of namespace
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-namespace-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of namespace objects that can be synchronized concurrently. A larger value indicates a quicker response to namespaces and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 10
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent processing number of replicaset
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-replicaset-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of ReplicaSet objects that can be synchronized concurrently. A larger value indicates a quicker response to ReplicaSet management and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of concurrent processing of resource quota
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-resource-quota-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of ResourceQuota objects that can be synchronized concurrently. A larger value indicates a faster response to quota management and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent processing number of service
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-service-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of Service objects that can be synchronized concurrently. A larger value indicates a faster response to Service management and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 10
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent processing number of serviceaccount-token
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-serviceaccount-token-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of service account token objects that can be synchronized concurrently. A larger value indicates faster token generation and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Concurrent processing of ttl-after-finished
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-ttl-after-finished-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of ttl-after-finished-controller workers that can be synchronized concurrently.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    RC
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent_rc_syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of replication controllers that can be synchronized concurrently. A larger value indicates faster replica management operations and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     NOTE: 
                                                                                                                                                                                                    This parameter is used only in clusters of v1.19 or earlier.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    RC
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-rc-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Number of replication controllers that can be synchronized concurrently. A larger value indicates faster replica management operations and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     NOTE: 
                                                                                                                                                                                                    This parameter is used only in clusters of v1.21 to v1.23. In clusters of v1.25 and later, this parameter is deprecated (officially deprecated from v1.25.3-r0 on).
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    HPA
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    concurrent-horizontal-pod-autoscaler-syncs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Maximum number of HPA auto scaling requests that can be processed concurrently. A larger value indicates a faster HPA auto scaling and higher CPU (and network) usage.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    This parameter is available only in clusters of v1.27 or later.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default: 5
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Value range: 1 to 50
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node lifecycle controller (node-lifecycle-controller) configuration
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 6 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Unhealthy AZ Threshold
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  unhealthy-zone-threshold
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  When more than a certain proportion of pods in an AZ are unhealthy, the AZ itself will be considered unhealthy, and scheduling pods to nodes in that AZ will be restricted to limit the impacts of the unhealthy AZ.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  If the parameter is set to a large value, pods in unhealthy AZs will be migrated in a large scale, which may lead to risks such as overloaded clusters.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 0.55
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Node Eviction Rate
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  node-eviction-rate
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is healthy. The default value is 0.1, indicating that pods can be evicted from at most one node every 10 seconds.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  Configure this parameter based on the size of the cluster. The number of pods to be evicted in each batch should not exceed 300.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If the parameter is set to a large value, the cluster may be overloaded. Additionally, if too many pods are evicted, they cannot be rescheduled, which will slow down fault recovery.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 0.1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Secondary Node Eviction Rate
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  secondary-node-eviction-rate
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter specifies the number of nodes that pods are deleted from per second in a cluster when the AZ is unhealthy. The default value is 0.01, indicating that pods can be evicted from at most one node every 100 seconds.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  Configure this parameter with node-eviction-rate and set it to one-tenth of node-eviction-rate.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  There is no need to set the parameter to a large value for nodes in an unhealthy AZ, and this configuration may result in overloaded clusters.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 0.01
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Large Cluster Threshold
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  large-cluster-size-threshold
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If the number of nodes in a cluster is greater than the value of this parameter, this is a large cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: For the clusters with a large number of nodes, configure a relatively larger value than the default one for higher performance and faster responses of controllers. Retain the default value for small clusters. Before adjusting the value of this parameter in a production environment, check the impact of the change on cluster performance in a test environment.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  kube-controller-manager automatically adjusts configurations for large clusters to optimize the cluster performance. Therefore, an excessively small threshold for small clusters will deteriorate the cluster performance.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 50
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Load elastic scaling synchronization cycle
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 7 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster elastic computing period
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  horizontal-pod-autoscaler-sync-period
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Period for the horizontal pod autoscaler to perform elastic scaling on pods. A smaller value will result in a faster auto scaling response and higher CPU load.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  Make sure to configure this parameter properly as a lengthy period can cause the controller to respond slowly, while a short period may overload the cluster control plane.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 15s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Horizontal Pod Scaling Tolerance
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  horizontal-pod-autoscaler-tolerance
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The configuration determines how quickly the horizontal pod autoscaler will act to auto scaling policies. If the parameter is set to 0, auto scaling will be triggered immediately when the related metrics are met.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: If the service resource usage increases sharply over time, retain a certain tolerance to prevent auto scaling which is beyond expectation in high resource usage scenarios.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 0.1
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  HPA CPU Initialization Period
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  horizontal-pod-autoscaler-cpu-initialization-period
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  During the period specified by this parameter, the CPU usage data used in HPA calculation is limited to pods that are both ready and have recently had their metrics collected. You can use this parameter to filter out unstable CPU usage data during the early stage of pod startup. This helps prevent incorrect scaling decisions based on momentary peak values.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: If you find that HPA is making incorrect scaling decisions due to CPU usage fluctuations during pod startup, increase the value of this parameter to allow for a buffer period of stable CPU usage.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  Make sure to configure this parameter properly as a small value may trigger unnecessary scaling based on peak CPU usage, while a large value may cause scaling to be delayed.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 5 minutes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  HPA Initial Readiness Delay
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  horizontal-pod-autoscaler-initial-readiness-delay
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  After CPU initialization, this period allows HPA to use a less strict criterion for getting CPU metrics. During this period, HPA will gather data on the CPU usage of the pod for scaling, regardless of any changes in the pod's readiness status. This parameter ensures continuous tracking of CPU usage, even when the pod status changes frequently.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Configuration suggestion: If the readiness status of pods fluctuates after startup and you want to prevent HPA misjudgment caused by the fluctuation, increase the value of this parameter to allow HPA to gather more comprehensive CPU usage data.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  Configure this parameter properly. If it is set to a small value, an unnecessary scale-out may occur due to CPU data fluctuations when the pod is just ready. If it is set to a large value, HPA may not be able to make a quick decision when a rapid response is needed.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is available only in clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 30s
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Threshold configuration of the number of terminal state pods that trigger recycling
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 8 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The maximum number of terminated pods that can be kept before the Pod GC deletes the terminated pod
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  terminated-pod-gc-threshold
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                                  It is recommended that you properly configure this parameter. If the value is too large, there may be a large number of terminated pods in the cluster, which will further affect the performance of list queries and result in an overloaded cluster.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: 1000
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value range: 10 to 12500
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Resource quota controller (resource-quota-controller) configuration
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  In high-concurrency scenarios (for example, creating pods in batches), the resource quota management may cause some requests to fail due to conflicts. Do not enable this function unless necessary. To enable this function, ensure that there is a retry mechanism in the request client.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 9 Parameters
                                                                                                                                                                                                  Item
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Value
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enable resource quota management
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  enable-resource-quota
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  With resource quota management, you are allowed to control the number of workloads (such as Deployments and pods) and the upper limits of resources (such as CPUs and memory) in namespaces or related dimensions. Namespaces control quotas through the ResourceQuota objects.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • false: Auto creation is disabled.
                                                                                                                                                                                                  • true: Auto creation is enabled. For details about the resource quota defaults, see Configuring Resource Quotas.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Default: false
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0788.html b/docs/cce/umn/cce_10_0788.html
new file mode 100644
index 000000000..0ec245b9f
--- /dev/null
+++ b/docs/cce/umn/cce_10_0788.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                                                                  Heterogeneous Resources
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  GPU Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Default Cluster Driver: specifies the default GPU driver version used by the GPU nodes in a cluster. To use a custom driver, enter the download link of the NVIDIA driver. For details, see Obtaining the Driver Link from Public Network.
                                                                                                                                                                                                  • Node Pool Configurations: If you do not want all GPU nodes in a cluster to use the same driver, CCE allows you to install a different GPU driver for each node pool. After you customize a GPU driver for a node pool, nodes in the node pool will preferentially use the custom driver. Nodes for which no driver is specified will use the cluster's default driver.
                                                                                                                                                                                                     
                                                                                                                                                                                                    • The system installs the driver of the version specified for the node pool. The driver applies only to new nodes in the node pool.
                                                                                                                                                                                                    • After the driver version is updated, it takes effect on the nodes newly added to the node pool. Existing nodes must restart to apply the changes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Settings
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_10_0789.html b/docs/cce/umn/cce_10_0789.html
index b617d580e..00f6b9432 100644
--- a/docs/cce/umn/cce_10_0789.html
+++ b/docs/cce/umn/cce_10_0789.html
@@ -2,10 +2,10 @@
 
 
                                                                                                                                                                                                  Load-aware Scheduling
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Volcano Scheduler offers CPU and memory load-aware scheduling for pods and preferentially schedules pods to the node with the lightest load to balance node loads. This prevents an application or node failure due to heavy loads on a single node.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Prerequisites
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Prerequisites
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Features
                                                                                                                                                                                                  The native Kubernetes scheduler schedules resources only based on requested resources. However, the actual resource usage of a pod differs greatly from the requested or limited value of the requested resources, which is the cause of cluster load imbalancing.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. The actual resource usage of certain nodes in a cluster is far lower than the resource allocation rate, but no more pods are scheduled onto the nodes, leading to resource waste.
                                                                                                                                                                                                  2. Certain nodes in a cluster have been overloaded, but this could not been detected by the scheduler. This may greatly affect service stability.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Features
                                                                                                                                                                                                  The native Kubernetes scheduler schedules resources only based on requested resources. However, the actual resource usage of a pod differs greatly from the requested or limited value of the requested resources, which is the cause of cluster load imbalance.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1. The actual resource usage of certain nodes in a cluster is far lower than the resource allocation rate, but no more pods are scheduled onto the nodes, leading to resource waste.
                                                                                                                                                                                                  2. The scheduler failed to detect that some nodes in the cluster are overloaded, which could significantly affect the stability of the service.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Volcano resolves the preceding issues based on actual loads. If there are plenty of resources, pods are preferentially scheduled to nodes with the lightest load to balance the load on each node in the cluster.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  The status, workload traffic, and requests of a cluster change dynamically, and the resource usage of nodes changes in real time. To prevent extreme load imbalance in a cluster after pod scheduling, Volcano provides load-aware hotspot descheduling for the optimal load balancing of cluster nodes. For details about hotspot descheduling, see Descheduling.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0831.html b/docs/cce/umn/cce_10_0831.html
index 5e25c952c..757401694 100644
--- a/docs/cce/umn/cce_10_0831.html
+++ b/docs/cce/umn/cce_10_0831.html
@@ -1,14 +1,16 @@
 
 
 
                                                                                                                                                                                                  Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Service
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  When using a LoadBalancer Service, you can configure a trustlist or blocklist to specify the IP addresses that are allowed or denied to access a load balancer listener.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  When using a LoadBalancer Service, you can configure a trustlist or blocklist to specify the IP addresses that are allowed or denied accessing a load balancer listener.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • Trustlist: Only the IP addresses in the list can access the listener.
                                                                                                                                                                                                  • Blocklist: The IP addresses in the list are not allowed to access the listener.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  After the blocklist or trustlist access policy is configured, if you delete the blocklist or trustlist access policy configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Prerequisites
                                                                                                                                                                                                  • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                                                    • v1.23: v1.23.12-r0 or later
                                                                                                                                                                                                    • v1.25: v1.25.7-r0 or later
                                                                                                                                                                                                    • v1.27: v1.27.4-r0 or later
                                                                                                                                                                                                    • v1.28: v1.28.2-r0 or later
                                                                                                                                                                                                    • Other clusters of later versions
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  • An IP address group has been created on the ELB console. For details, see .
                                                                                                                                                                                                  
+
                                                                                                                                                                                                4. An IP address group has been created on the ELB console.
                                                                                                                                                                                                  5. 
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Using the CCE Console
                                                                                                                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                  2. Choose Services & Ingresses in the navigation pane, click the Services tab, and click Create Service in the upper right corner.
                                                                                                                                                                                                  3. Configure Service parameters.
                                                                                                                                                                                                    • Service Name: Enter a service name, for example, service-acl.
                                                                                                                                                                                                    • Service Type: Select LoadBalancer.
                                                                                                                                                                                                    • Service Affinity: Select cluster level or node level as needed. For details about the differences, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                                                    • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                                    • Load Balancer
                                                                                                                                                                                                      Select a load balancer to be accessed. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console. Alternatively, select Auto create to create a load balancer. For details about parameter settings, see Table 1.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    • Health Check: defaults to Global health check. You can configure this parameter as needed.
                                                                                                                                                                                                    • Ports
                                                                                                                                                                                                      • Protocol: protocol used by the Service.
                                                                                                                                                                                                      • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                                      • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    • Access Control
                                                                                                                                                                                                      • Allow all IP addresses: No access control is configured.
                                                                                                                                                                                                      • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                      • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • Access Control
                                                                                                                                                                                                      • Inherit ELB Configurations: CCE does not modify the existing access control configurations on the ELB console.
                                                                                                                                                                                                      • Allow all IP addresses: No access control is configured.
                                                                                                                                                                                                      • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                      • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  4. Click OK.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
@@ -33,36 +35,36 @@ spec:
   type: LoadBalancer
 
                                                                                                                                                                                                  
 
-
                                                                                                                                                                                                  Table 1 Annotations for ELB access control
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0832.html b/docs/cce/umn/cce_10_0832.html
index a9f248e6a..4a76c967d 100644
--- a/docs/cce/umn/cce_10_0832.html
+++ b/docs/cce/umn/cce_10_0832.html
@@ -3,14 +3,59 @@
 
                                                                                                                                                                                                  Configuring a Blocklist/Trustlist Access Policy for a LoadBalancer Ingress
                                                                                                                                                                                                  You can add IP addresses to a trustlist or blocklist to control access to a listener of a LoadBalancer ingress.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • Trustlist: Only the IP addresses in the list can access the listener.
                                                                                                                                                                                                  • Blocklist: The IP addresses in the list are not allowed to access the listener.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Prerequisites
                                                                                                                                                                                                  • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                                                    • v1.23: v1.23.12-r0 or later
                                                                                                                                                                                                    • v1.25: v1.25.7-r0 or later
                                                                                                                                                                                                    • v1.27: v1.27.4-r0 or later
                                                                                                                                                                                                    • v1.28: v1.28.2-r0 or later
                                                                                                                                                                                                    • Other clusters of later versions
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    After a blocklist/trustlist access policy is configured, if you delete the blocklist/trustlist access policy configuration on the CCE console or delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                      • v1.23: v1.23.12-r0 or later
                                                                                                                                                                                                      • v1.25: v1.25.7-r0 or later
                                                                                                                                                                                                      • v1.27: v1.27.4-r0 or later
                                                                                                                                                                                                      • v1.28: v1.28.2-r0 or later
                                                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    • An IP address group has been created on the ELB console. For details, see .
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Using the CCE Console
                                                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                    2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                                                    3. Configure access control parameters for the ingress.
                                                                                                                                                                                                      • Allow all IP addresses: No access control is configured.
                                                                                                                                                                                                      • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                      • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details about how to configure other parameters, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Using the CCE Console to Configure a Blocklist/Trustlist Access Policy
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. Choose Services & Ingresses in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                                                                                                      3. Configure ingress parameters.
                                                                                                                                                                                                         
                                                                                                                                                                                                        This example explains only key parameters for configuring blocklist/trustlist access policies. You can configure other parameters as required. For details, see Creating a LoadBalancer Ingress on the Console.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                  Table 1 Annotations for ELB access control
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Type
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Type
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  kubernetes.io/elb.acl-id
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kubernetes.io/elb.acl-id
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                                                  • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                                                  • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                                                    How to obtain:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                                                  • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                                                  • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                                                    How to obtain:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  kubernetes.io/elb.acl-status
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kubernetes.io/elb.acl-status
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • on: Access control is enabled.
                                                                                                                                                                                                  • off: Access control is disabled.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  kubernetes.io/elb.acl-type
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kubernetes.io/elb.acl-type
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  String
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                  • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 Key parameters
                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Description
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Example
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Name
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enter an ingress name.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  ingress-test
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Load Balancer
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Select a load balancer to be associated with the ingress or automatically create a load balancer. A load balancer can be dedicated or shared.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Dedicated
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Listener
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • External Protocol: HTTP and HTTPS are available.
                                                                                                                                                                                                  • External Port: specifies the port of the load balancer listener.
                                                                                                                                                                                                  • Access Control
                                                                                                                                                                                                    • Allow all IP addresses: No access control is configured.
                                                                                                                                                                                                    • Trustlist: Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                    • Blocklist: The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • External Protocol: HTTP
                                                                                                                                                                                                  • External Port: 80
                                                                                                                                                                                                  • Advanced Options
                                                                                                                                                                                                    Access Control: Blocklist
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Forwarding Policy
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Domain Name: Enter an actual domain name to be accessed. If it is left blank, the ingress can be accessed through the IP address. Ensure that the domain name has been registered and licensed. Once a forwarding policy is configured with a domain name specified, you must use the domain name for access.
                                                                                                                                                                                                  • Path Matching Rule: Select Prefix match, Exact match, or RegEx match.
                                                                                                                                                                                                  • Path: Enter the path provided by a backend application for external access. The path added must be valid in the backend application, or the forwarding cannot take effect.
                                                                                                                                                                                                  • Destination Service: Select an existing Service or create a Service. Any Services that do not match the search criteria will be filtered out automatically.
                                                                                                                                                                                                  • Destination Service Port: Select the access port of the destination Service.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Domain Name: You do not need to configure this parameter.
                                                                                                                                                                                                  • Path Matching Rule: Prefix match
                                                                                                                                                                                                  • Path: /
                                                                                                                                                                                                  • Destination Service: nginx
                                                                                                                                                                                                  • Destination Service Port: 80
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                5. Click OK.
                                                                                                                                                                                                  6. 
 
-
                                                                                                                                                                                                  Using kubectl
                                                                                                                                                                                                  An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                                                  apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                                                  Using kubectl to Configure a Blocklist/Trustlist Access Policy
                                                                                                                                                                                                  1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                  2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                                    vi ingress-test.yaml
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                                                    apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -19,7 +64,7 @@ metadata:
     kubernetes.io/elb.class: performance                   # Load balancer type
     kubernetes.io/elb.port: '80'                           # External port of the load balancer listener
     kubernetes.io/elb.acl-id: <your_acl_id>               # ID of an IP address group for accessing a load balancer
-    kubernetes.io/elb.acl-status: 'on'                  # Enable access control.
+    kubernetes.io/elb.acl-status: 'on'                    # Enable access control.
     kubernetes.io/elb.acl-type: 'white'                   # Trustlist for access control
 spec:
   rules: 
@@ -31,54 +76,62 @@ spec:
           service:
             name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: 80             # Replace 80 with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce      
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
-
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Table 1 Annotations for ELB access control
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                    Table 2 Annotations for ELB access control
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Type
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Type
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Description
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Description
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kubernetes.io/elb.acl-id
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    kubernetes.io/elb.acl-id
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                                                    • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                                                    • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                                                      How to obtain:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • If this parameter is not specified, CCE does not modify access control on the ELB.
                                                                                                                                                                                                    • If this parameter is left empty, all IP addresses are allowed to access the load balancer.
                                                                                                                                                                                                    • If this parameter is set to the IP address group ID of the load balancer, access control is enabled and you need to configure an IP address blocklist or trustlist for the load balancer. Additionally, you need to configure both kubernetes.io/elb.acl-status and kubernetes.io/elb.acl-type.
                                                                                                                                                                                                      How to obtain:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group. 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    kubernetes.io/elb.acl-status
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    kubernetes.io/elb.acl-status
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • on: Access control is enabled.
                                                                                                                                                                                                    • off: Access control is disabled.
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    kubernetes.io/elb.acl-type
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    kubernetes.io/elb.acl-type
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    String
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    This parameter is mandatory when you configure an IP address blocklist or trustlist for a load balancer. Options:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • black: indicates a blocklist. The selected IP address group cannot access the load balancer.
                                                                                                                                                                                                    • white: indicates a trustlist. Only the selected IP address group can access the load balancer.
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    
                                                                                                                                                                                                     
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  3. Create an ingress.
                                                                                                                                                                                                    kubectl create -f ingress-test.yaml
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    ingress/ingress-test created
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  4. Check the created ingress.
                                                                                                                                                                                                    kubectl get ingress
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    5. 
 
 
 
 
diff --git a/docs/cce/umn/cce_10_0836.html b/docs/cce/umn/cce_10_0836.html
new file mode 100644
index 000000000..9edfa4896
--- /dev/null
+++ b/docs/cce/umn/cce_10_0836.html
@@ -0,0 +1,14 @@
+
+
+
                                                                                                                                                                                                    Monitoring
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    CCE monitors applications and resources and collects metrics and events to analyze application health status. You can choose Settings from the navigation pane, click the Monitoring tab, and change monitoring parameters on the console.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Log Configuration
                                                                                                                                                                                                    Collection configuration
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Send stdout Logs to AOM 1.0 (No more evolution): Logging in AOM 1.0 has not been improved, so you are advised to disable this function and use LTS logging instead. 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Settings
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0839.html b/docs/cce/umn/cce_10_0839.html
index ae8d11628..88b74f5e0 100644
--- a/docs/cce/umn/cce_10_0839.html
+++ b/docs/cce/umn/cce_10_0839.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                    (Recommended) Creating an SFS Turbo Subdirectory Using a Dynamic PV
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    When an SFS Turbo volume is mounted to a workload container, the root directory is mounted to the container by default. However, the minimum capacity of an SFS Turbo volume is 500 GiB, which exceeds the capacity required by most workloads, leading to a waste of storage resources. To properly use the storage capacity, CCE allows you to dynamically create an SFS Turbo subdirectory when creating a PVC so that different workloads can share one SFS Turbo volume.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    When an SFS Turbo volume is mounted to a workload container, the root directory is mounted to the container by default. However, the minimum capacity of an SFS Turbo volume is 500 GiB, which exceeds the capacity required by most workloads, leading to a waste of storage resources. CCE enables efficient utilization of storage capacity by creating SFS Turbo subdirectories dynamically when you create a PVC. This allows multiple workloads to share the SFS Turbo file system.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    • You have created a cluster and installed the CCE Container Storage (Everest) add-on of v2.3.23 or later in the cluster.
                                                                                                                                                                                                    • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Dynamically Creating an SFS Turbo Subdirectory on the Console
                                                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                    2. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure PVC parameters.
                                                                                                                                                                                                      
@@ -28,7 +28,7 @@
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Storage Classes
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Choose csi-sfsturbo.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Choose csi-sfsturbo. You can customize a StorageClass and configure its reclaim policy and binding mode. For details, see Creating a StorageClass Using the CCE Console.
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Access Mode
                                                                                                                                                                                                    
@@ -75,8 +75,8 @@ spec:
     - ReadWriteMany      # ReadWriteMany must be selected for SFS Turbo.
   resources:
     requests:
-      storage: 10Gi      # This parameter is only used for verification for the PVCs of the SFS Turbo subdirectory type. The value cannot be empty or 0.
-  storageClassName: csi-sfsturbo     # Storage class name of the SFS Turbo file system
+      storage: 10Gi      # For SFS Turbo subdirectory PVCs, this configuration is meaningless and only used for verification (the value cannot be empty or 0) (the value cannot be empty or 0).
+  storageClassName: csi-sfsturbo     # StorageClass name of the SFS Turbo file system
 
 
                                                                                                                                                                                                    
@@ -123,7 +123,7 @@ spec:
 
diff --git a/docs/cce/umn/cce_10_0841.html b/docs/cce/umn/cce_10_0841.html
index cfb1f41cd..a96d3f456 100644
--- a/docs/cce/umn/cce_10_0841.html
+++ b/docs/cce/umn/cce_10_0841.html
@@ -9,8 +9,8 @@
 
                                                                                                                                                                                                    • You have created one or more SNI certificates in ELB and specified a domain name in these certificates. 
                                                                                                                                                                                                    • To create a cluster using commands, ensure kubectl is used. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Using the CCE Console
                                                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                    2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                                    3. Configure Service parameters. In this example, only mandatory parameters required for using SNI are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                                                      • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                                      • Service Type: Select LoadBalancer.
                                                                                                                                                                                                      • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                                      • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                                        • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                                                        • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Ports
                                                                                                                                                                                                        • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                                                        • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                                        • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                                        • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use SNI. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                                        3. Configure Service parameters. In this example, only mandatory parameters required for using SNI are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                                            • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                                                            • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Ports
                                                                                                                                                                                                            • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                                            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                                            • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use SNI. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • Listener
                                                                                                                                                                                                            • SSL Authentication: Select this option if HTTPS is enabled on the listener port. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                              • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                                                              • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                                                            • Server Certificate: Select a server certificate as the default certificate. 
                                                                                                                                                                                                            • SNI: Add an SNI certificate containing a domain name. 
                                                                                                                                                                                                              If an SNI certificate cannot be found based on the domain name requested by the client, the server certificate will be returned by default.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • Security Policy: If HTTPS is enabled on the listener port, you can select a security policy. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                            • Backend Protocol: If HTTPS is enabled on the listener port, HTTP or HTTPS can be used to access the backend server. The default value is HTTP. This parameter is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0842.html b/docs/cce/umn/cce_10_0842.html
index 3bee781e8..cac6f03ff 100644
--- a/docs/cce/umn/cce_10_0842.html
+++ b/docs/cce/umn/cce_10_0842.html
@@ -8,8 +8,8 @@
 
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Using the CCE Console
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                                        3. Configure Service parameters. In this example, only mandatory parameters are listed. For details about how to configure other parameters, see Creating a LoadBalancer Service.
                                                                                                                                                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                                          • Service Type: Select LoadBalancer.
                                                                                                                                                                                                          • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                                          • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                                            • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                                                            • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Ports
                                                                                                                                                                                                            • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                                            • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                                            • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use HTTP/2. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Using the CCE Console
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Services & Ingresses. In the upper right corner, click Create Service.
                                                                                                                                                                                                            3. Configure Service parameters. In this example, only mandatory parameters are listed. For details about how to configure other parameters, see Using the Console.
                                                                                                                                                                                                              • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                                              • Service Type: Select LoadBalancer.
                                                                                                                                                                                                              • Selector: Add a label and click Confirm. The Service will use this label to select pods. You can also click Reference Workload Label to use the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                                              • Load Balancer: Select a load balancer type and creation mode.
                                                                                                                                                                                                                • A load balancer can be dedicated or shared. To enable HTTP/HTTPS on the listener port of a dedicated load balancer, the type of the load balancer must be Application (HTTP/HTTPS) or Network (TCP/UDP) & Application (HTTP/HTTPS).
                                                                                                                                                                                                                • This section uses an existing load balancer as an example. For details about the parameters for automatically creating a load balancer, see Table 1.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • Ports
                                                                                                                                                                                                                • Protocol: Select TCP. If you select UDP, HTTP and HTTPS will be unavailable.
                                                                                                                                                                                                                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                                                • Container Port: listener port of the workload. For example, Nginx uses port 80 by default.
                                                                                                                                                                                                                • Frontend Protocol: In this example, HTTPS must be enabled for the Service to use HTTP/2. For a dedicated load balancer, to use HTTP/HTTPS, the type of the load balancer must be Application (HTTP/HTTPS).
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Listener
                                                                                                                                                                                                                • SSL authentication is available only in clusters of v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later versions.
                                                                                                                                                                                                                  • One-way authentication: Only the backend server is authenticated. If you also need to authenticate the identity of the client, select mutual authentication.
                                                                                                                                                                                                                  • Mutual authentication: If you want the clients and the load balancer to authenticate each other, select this option. Only authenticated clients will be allowed to access the load balancer.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                • CA Certificate: If SSL Authentication is set to Mutual authentication, add a CA certificate to authenticate the client. A CA certificate is issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
                                                                                                                                                                                                                • Server Certificate: Select a server certificate when HTTPS is used. 
                                                                                                                                                                                                                • SNI: Add an SNI certificate containing a domain name. 
                                                                                                                                                                                                                • Advanced Options: Click Add custom container network settings and enable HTTP/2.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0860.html b/docs/cce/umn/cce_10_0860.html
index 0e9cea4ed..e8519b2a5 100644
--- a/docs/cce/umn/cce_10_0860.html
+++ b/docs/cce/umn/cce_10_0860.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                              If the EVS disk attached to a workload does not have enough space, you can increase its capacity by expanding it. This section describes how to expand the capacity of an EVS disk through the console.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Prerequisites
                                                                                                                                                                                                              You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Procedure for an EVS Disk
                                                                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                              2. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                                                              3. Enter the capacity to be added and click OK.
                                                                                                                                                                                                                 
                                                                                                                                                                                                                The disk size can only be increased, not decreased.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                EVS Disk
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                                2. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                                                                3. Enter the capacity to be added and click OK.
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  The disk size can only be increased, not decreased.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0864.html b/docs/cce/umn/cce_10_0864.html
index c4f90a195..26504e237 100644
--- a/docs/cce/umn/cce_10_0864.html
+++ b/docs/cce/umn/cce_10_0864.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                                                                              4. Click OK.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Configuring Access Policies for an API Server
                                                                                                                                                                                                              To ensure the security of a cluster's API server, it is important to modify the security group rules for the master nodes. This is because the EIP, which is exposed to the Internet, is at risk of being attacked.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                                              2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                              3. Select Description as the filter criterion and paste the cluster ID to search for the target security groups.
                                                                                                                                                                                                              4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                              5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                                                2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                                3. Select Description as the filter criterion and paste the cluster ID to search for the target security group.
                                                                                                                                                                                                                4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                                5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0883.html b/docs/cce/umn/cce_10_0883.html
index 1e9a6652c..3a60dd33a 100644
--- a/docs/cce/umn/cce_10_0883.html
+++ b/docs/cce/umn/cce_10_0883.html
@@ -1,13 +1,13 @@
 
 
-
                                                                                                                                                                                                                  Differences Between CCE Node mountPath Configurations and Community Native Configurations
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Differences in kubelet and Runtime Component Configurations Between CCE and the Native Community
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  To maintain the stability of nodes, CCE stores Kubernetes and container runtime components on separate data disks. Kubernetes uses the /mnt/paas/kubernetes directory, and the container runtime uses the /mnt/paas/runtime directory. The paths to these directories are the same as the default paths used in the community through soft links.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Configuration Differences Between CCE and Community Native
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                    Table 1 Key parameters
                                                                                                                                                                                                    Parameter
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Yes
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    Requested capacity in the PVC, in Gi.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    This parameter is only used for verification for the PVCs of the SFS Turbo subdirectory type. The value cannot be empty or 0, and can be fixed at 10 because any value you set does not take effect.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    This parameter is only used for verification for SFS Turbo subdirectory PVCs. The value cannot be empty or 0, and can be fixed at 10 because any value you set does not take effect.
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    
 
 
 
                                                                                                                                                                                                    Item
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Differences in Default Paths to kubelet and Runtime
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
-
@@ -30,14 +30,14 @@
 
-
-
                                                                                                                                                                                                    Path Name
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    Kubernetes Native Path
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    CCE Path
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Path on CCE Nodes
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    
                                                                                                                                                                                                     
 
                                                                                                                                                                                                    /var/lib/docker
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
+
 
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Container runtime (containerd)
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
 
                                                                                                                                                                                                    /var/lib/containerd
                                                                                                                                                                                                    
                                                                                                                                                                                                     		
+
 
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    containerd logs
                                                                                                                                                                                                    
@@ -51,15 +51,14 @@
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                     
                                                                                                                                                                                                    In clusters of v1.23.16-r0, v1.25.11-r0, v1.27.8-r0, v1.28.6-r0, v1.29.2-r0, or later versions, modified soft links will be mounted in both Kubernetes and CCE paths.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Possible Impact of Differences
                                                                                                                                                                                                    • If a soft link file is mounted into a container, the real path that the soft link file points to cannot be accessed.
                                                                                                                                                                                                      For example, if /var/log is mounted to /mnt/log in a container through a hostPath, /mnt/log/pods is an abnormal soft link file in the container, and the actual data in /var/log/pods cannot be accessed.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Mount the actual file path to the container to prevent a file read failure caused by soft links.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    • The kubelet root-dir path (/mnt/paas/kubernetes/kubelet) is inconsistent with the community path (/var/lib/kubelet). If the container mount path of a third-party CSI add-on is the community path, the file mounting does not take effect.
                                                                                                                                                                                                      For example, when Vault (an open-source third-party add-on) uses secrets-store-csi-driver to mount a secret, if the root-dir path to the add-on is inconsistent with the CCE configuration path (the default value of the add-on is the same as the community path /var/lib/kubelet), the Vault secret cannot be obtained in the container.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      This is because CSI uses mountPropagation to mount volumes to target containers. kubelet includes the mount path (/mnt/paas/kubernetes/kubelet/pods/{podID}/volume/...) related to kubelet root-dir into the CSI request for mounting a volume. When the CSI container mounts a volume to the mount path requested by kubelet CSI, if the mount path is irrelevant to the hostPath, the mount propagation will be invalid. For example, the CSI container mounts host /var/lib/kubelet to container /var/lib/kubelet, and /mnt/paas/kubernetes/kubelet/pods/{podID}/volume/... in the CSI container is irrelevant to the hostPath.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Update the root-dir path in CSI to match the kubelet root-dir path on the current CCE node.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      The differences in default paths to kubelet and runtime between CCE and the native community may have the following impacts:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • If a soft link file is mounted into a container, the real path that the soft link file points to cannot be accessed.
                                                                                                                                                                                                        For example, if /var/log is mounted to /mnt/log in a container through a hostPath, /mnt/log/pods is an abnormal soft link file in the container, and the actual data in /var/log/pods cannot be accessed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Mount the actual file path to the container to prevent a file read failure caused by soft links.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • The kubelet root-dir path (/mnt/paas/kubernetes/kubelet) is inconsistent with the community path (/var/lib/kubelet). If the container mount path of a third-party CSI add-on is the community path, the file mounting does not take effect.
                                                                                                                                                                                                        For example, when Vault (an open-source third-party add-on) uses secrets-store-csi-driver to mount a secret, if the root-dir path to the add-on is inconsistent with the CCE configuration path (the default value of the add-on is the same as the community path /var/lib/kubelet), the Vault secret cannot be obtained in the container.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        This is because CSI uses mountPropagation to mount volumes to target containers. kubelet includes the mount path (/mnt/paas/kubernetes/kubelet/pods/{podID}/volume/...) related to kubelet root-dir into the CSI request for mounting a volume. When the CSI container mounts a volume to the mount path requested by kubelet CSI, if the mount path is irrelevant to the hostPath, the mount propagation will be invalid. For example, the CSI container mounts host /var/lib/kubelet to container /var/lib/kubelet, and /mnt/paas/kubernetes/kubelet/pods/{podID}/volume/... in the CSI container is irrelevant to the hostPath.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Update the root-dir path in CSI to match the kubelet root-dir path on the current CCE node.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
 
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0886.html b/docs/cce/umn/cce_10_0886.html
index 6d408df84..e7c74caea 100644
--- a/docs/cce/umn/cce_10_0886.html
+++ b/docs/cce/umn/cce_10_0886.html
@@ -2,10 +2,10 @@
 
 
                                                                                                                                                                                                    Accepting Nodes in a Node Pool
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    If you want to add a newly created ECS to a node pool in a cluster, or remove a node from a node pool and add it to the node pool again, accept the node.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                     
                                                                                                                                                                                                    • When an ECS is accepted for management, the ECS OS will be reset to the standard image provided by CCE to ensure node stability.
                                                                                                                                                                                                    • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs) will be deleted from the system disks and data disks attached to the selected ECSs during acceptance. Ensure that the information has been backed up.
                                                                                                                                                                                                    • During the acceptance of an ECS, do not perform any operation on the ECS through the ECS console.
                                                                                                                                                                                                    • After a node is managed by a node pool, if a scaling-in task is triggered in the node pool, the node will be deleted.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    • When an ECS is accepted for management, the ECS OS will be reset to the standard image provided by CCE to ensure node stability.
                                                                                                                                                                                                    • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs), will be deleted from the system disks and data disks attached to the selected ECSs during acceptance. Ensure that the information has been backed up.
                                                                                                                                                                                                    • During the acceptance of an ECS, do not perform any operation on the ECS through the ECS console.
                                                                                                                                                                                                    • After a node is managed by a node pool, if a scaling-in task is triggered in the node pool, the node will be deleted.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Procedure
                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane. In the right pane, click the Node Pools tab.
                                                                                                                                                                                                    3. Choose More > Accept Node in the operation bar of the target node pool.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    4. Select one or more nodes that meet the requirements.
                                                                                                                                                                                                      • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                                                      • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                                                                                                      • The billing mode of the nodes must be the same as that of the current node pool. For example, a pay-per-use node pool can accept only pay-per-use nodes.
                                                                                                                                                                                                      • The cloud server group of the nodes must be the same as that of the current node pool.
                                                                                                                                                                                                      • The nodes must be running and cannot be labeled with CCE-Dynamic-Provisioning-Node.
                                                                                                                                                                                                      • Data disks must be attached to the nodes. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                                      • The flavor of the nodes must be at least 2 vCPUs and 4 GiB memory, and only one NIC can be bound to each of the nodes.
                                                                                                                                                                                                      • Only the cloud servers that have the same flavor, AZ, resource reservation, system disk, and data disk configurations as the node pool can be added for batch acceptance.
                                                                                                                                                                                                      • Partitioned disks on cloud servers will not be accepted as data disks. Back up data and clear the disks before node acceptance.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    5. Select one or more nodes that meet the requirements.
                                                                                                                                                                                                      • The nodes and the current node pool are deployed in the same VPC and subnet.
                                                                                                                                                                                                      • The nodes and the current node pool belong to the same enterprise project.
                                                                                                                                                                                                      • The billing mode of the nodes must be the same as that of the current node pool. For example, a pay-per-use node pool can accept only pay-per-use nodes.
                                                                                                                                                                                                      • The cloud server group of the nodes must be the same as that of the current node pool.
                                                                                                                                                                                                      • The nodes must be running and cannot be labeled with CCE-Dynamic-Provisioning-Node.
                                                                                                                                                                                                      • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                                      • The flavor of the nodes must be at least 2 vCPUs and 4 GiB memory, and only one NIC can be bound to each of the nodes.
                                                                                                                                                                                                      • Only the cloud servers that have the same flavor, AZ, resource reservation, system disk, and data disk configurations as the node pool can be added for batch acceptance.
                                                                                                                                                                                                      • Partitioned disks on cloud servers will not be accepted as data disks. Back up data and clear the disks before node acceptance.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    6. Click OK.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0889.html b/docs/cce/umn/cce_10_0889.html
new file mode 100644
index 000000000..6f25a4cd8
--- /dev/null
+++ b/docs/cce/umn/cce_10_0889.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                    Scheduling a Workload
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0891.html b/docs/cce/umn/cce_10_0891.html
new file mode 100644
index 000000000..1aad3847b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0891.html
@@ -0,0 +1,45 @@
+
+
+
                                                                                                                                                                                                    Configuring Specified Node Scheduling (nodeSelector)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    To select a node for scheduling in Kubernetes, simply configure the nodeSelector field in the workload. This field allows you to configure the label of the desired node to be scheduled. Kubernetes schedules pods only to nodes with specified labels.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    A custom label has been added to the target node so that workload pods can be scheduled based on the node label. For details, see Adding or Deleting a Node Label.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Creating a Workload Scheduled to a Specified Node
                                                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    2. Create a YAML file named nginx.yaml. The file name can be customized.
                                                                                                                                                                                                      Configure nodeSelector for the workload. For example, if the key is deploy_qa and the value is true, the pod will be scheduled to the node with the deploy_qa=true label. Example:
                                                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      nodeSelector: 
+        deploy_qa: "true"
+      containers:
+      - image: nginx:latest
+        imagePullPolicy: IfNotPresent
+        name: nginx
+      imagePullSecrets:
+      - name: default-secret
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    3. Create a workload.
                                                                                                                                                                                                      kubectl apply -f nginx.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    4. Verify that all pods run on the target node.
                                                                                                                                                                                                      kubectl get pod -o wide
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In the following command output, node 192.168.0.103 is labeled with deploy_qa=true:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      NAME                     READY   STATUS    RESTARTS   AGE     IP              NODE                                   NOMINATED NODE   READINESS GATES
+nginx-66859f4f48-xgp2g   1/1     Running   0          6h57m   172.16.3.0   192.168.0.103   <none>           <none>
+nginx-66859f4f48-t9gqj   1/1     Running   0          6h57m   172.16.3.1   192.168.0.103   <none>           <none>
+nginx-66859f4f48-2grhq   1/1     Running   0          6h57m   172.16.3.2   192.168.0.103   <none>           <none>
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Scheduling a Workload
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0892.html b/docs/cce/umn/cce_10_0892.html
new file mode 100644
index 000000000..c4e3f31d4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0892.html
@@ -0,0 +1,156 @@
+
+
+
                                                                                                                                                                                                    Configuring Node Affinity Scheduling (nodeAffinity)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Kubernetes can schedule workload pods to affinity nodes based on their labels and label values. For example, some nodes support GPU computing, and node affinity scheduling can guarantee that high-performance computing pods run on these GPU nodes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Using the CCE Console
                                                                                                                                                                                                    In this example, a GPU node labeled with gpu=true has been created in the cluster. You can use this label to schedule pods to this GPU node.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                                                                    3. In Advanced Settings, choose Scheduling and select a policy for Node Affinity. In this example, Custom policies is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 1 Scheduling policies
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Node Affinity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Not configured: No node affinity policy is configured.
                                                                                                                                                                                                      • Node Affinity: Specify the nodes where workload pods are to be deployed. If no nodes are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                                                                      • Specified Node Pool Scheduling: Specify the node pools where workload pods are to be deployed. If no node pools are specified, the pods will be randomly scheduled according to the default cluster scheduling policy.
                                                                                                                                                                                                      • Custom policies: allow flexible scheduling of workload pods based on node labels. For details about the supported affinity policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Custom policies
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    4. Select a proper node affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Node Affinity. This policy specifies that the newly created workload can only be scheduled to a specific node.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 2 Affinity rule
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Node Affinity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Required: indicates the hard constraint (requiredDuringSchedulingIgnoredDuringExecution) that must be met.
                                                                                                                                                                                                        If multiple rules that must be met are added, scheduling will be performed when only one rule is met.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Preferred: indicates the soft constraint (preferredDuringSchedulingIgnoredDuringExecution) that need to be met as much as possible.
                                                                                                                                                                                                        If multiple rules that are preferentially met are added, scheduling will be performed even if one or none of the rules is met.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Required
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    5. In the dialog box that is displayed on the right, click Add Policy to configure rules for filtering node labels.
                                                                                                                                                                                                      You can also click Specify Node or Specify AZ to quickly select a node or AZ on the console for scheduling.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Specifying a node or AZ is also implemented through labels. The console frees you from manually entering node labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 3 Parameters for configuring node affinity scheduling policies
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Weight
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      This parameter is available only in a preferred scheduling policy. Weights range from 1 to 100 and are taken into account as an extra scoring factor during scheduling. The scheduler combines the weight with other priority functions of the node to determine the final score and then assigns pods to the node with the highest total score.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      None
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Label Key
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When configuring node affinity, enter the node label to be matched.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Both default labels and custom labels are supported.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      gpu
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Operator
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The following operators are supported:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                                                                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                                                                                                                      • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                                                                                                                                      • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                                                                                                                                      • Gt: The label value of the scheduling node is greater than what is listed (character string comparison).
                                                                                                                                                                                                      • Lt: The label value of the scheduling node is less than what is listed (character string comparison).
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Label Value
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When configuring node affinity, enter the value of the node label.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      true
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    6. After the scheduling policy is added, click Create Workload.
                                                                                                                                                                                                    7. Verify that all pods run on the target node.
                                                                                                                                                                                                      1. In the navigation pane, choose Workloads.
                                                                                                                                                                                                      2. Click the workload name to enter its details page. On the Pods tab page, verify that all pods run on the target node, which is labeled with gpu=true.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Using YAML
                                                                                                                                                                                                    Workload node affinity rules are implemented using node labels. When a node is created in a CCE cluster, it is automatically assigned certain labels. Here are some examples of commonly used node labels (for more labels, see Inherent Label of a Node):
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • topology.kubernetes.io/zone: the AZ where the node is located, which can be used for scheduling in a specified AZ.
                                                                                                                                                                                                    • kubernetes.io/hostname: hostname of a node, which can be used for specified node scheduling.
                                                                                                                                                                                                    • cce.cloud.com/cce-nodepool: node pool to which a node belongs, which can be used for scheduling in a specified node pool.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    In this example, the rule that must be met indicates that the node to be scheduled must be labeled with key gpu and value true. The rule that needs to be met as much as possible indicates that pods are preferentially scheduled to nodes in AZ 1 based on topology.kubernetes.io/zone. The following is an example of configuring node affinity:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name:  gpu
+  labels:
+    app:  gpu
+spec:
+  selector:
+    matchLabels:
+      app: gpu
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app:  gpu
+    spec:
+      containers:
+      - image:  nginx:alpine
+        name:  gpu
+        resources:
+          requests:
+            cpu: 100m
+            memory: 200Mi
+          limits:
+            cpu: 100m
+            memory: 200Mi
+      imagePullSecrets:
+      - name: default-secret
+      affinity:  # Configure a scheduling policy.
+        nodeAffinity:  # Node affinity scheduling
+          requiredDuringSchedulingIgnoredDuringExecution:  # Scheduling policy that must be met
+            nodeSelectorTerms:     # Select a node that meets the requirements according to the node label.
+              - matchExpressions:    # Node label matching rule
+                - key: gpu   # The key of the node label is gpu.
+                  operator: In  # The rule is met if a value exists in the value list.
+                  values:   # The value of the node label is true.
+                  - "true"
+          preferredDuringSchedulingIgnoredDuringExecution:  # Scheduling policy that is met as much as possible
+            - weight: 100  # Priority that can be configured when the best-effort policy is used. The value ranges from 1 to 100. A larger value indicates a higher priority.
+              preference:  # Preferred node label matching rule when the best-effort policy is used
+                matchExpressions:   # Node label matching rule
+                  - key: topology.kubernetes.io/zone   # Nodes' AZs
+                     operator: In  # The rule is met if a value exists in the value list.
+                    values:   # The value of the node label is az1.
+                    - "az1"
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    There is no anti-affinity policy for node affinity scheduling. For node anti-affinity, you can filter nodes by label using the NotIn and DoesNotExist operators.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Scheduling a Workload
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0893.html b/docs/cce/umn/cce_10_0893.html
new file mode 100644
index 000000000..46e861522
--- /dev/null
+++ b/docs/cce/umn/cce_10_0893.html
@@ -0,0 +1,266 @@
+
+
+
                                                                                                                                                                                                    Configuring Workload Affinity or Anti-affinity Scheduling (podAffinity or podAntiAffinity)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Kubernetes offers workload affinity and anti-affinity scheduling, which allows for flexible scheduling of new workloads on either related or unrelated nodes. This results in improved cluster resource utilization.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    For example, frontend workload pods and backend workload pods that frequently communicate with each other can be preferentially scheduled to the same node or AZ to minimize network latency. The process of workload affinity/anti-affinity is as follows:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Nodes are classified using node labels based on topology keys (topologyKey).
                                                                                                                                                                                                      For example, if topologyKey is prefer, nodes will be classified using node label prefer. Nodes labeled with prefer=true will be assigned to topology key 1, while those labeled with prefer=false will be assigned to topology key 2. Nodes without a prefer label will be assigned to topology key 3.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    2. Identify the affinity/anti-affinity workloads based on the workload labels and operators.
                                                                                                                                                                                                      For example, the label selector filters the workloads that have been labeled with app=backend.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    3. For affinity scheduling, the scheduler chooses the topology key where the target workload is located, while for anti-affinity scheduling, it selects a topology key where the target workload is not present.
                                                                                                                                                                                                      In this example, the workload labeled with app=backend is assigned to topology key 1. Therefore, workloads that have an affinity with the app=backend workload can be scheduled to topology key 1. Conversely, workloads that have an anti-affinity with the app=backend workload can only be scheduled to topology key 2 or 3.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Figure 1 Workload affinity or anti-affinity scheduling
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Using the CCE Console
                                                                                                                                                                                                    In this example, a backend workload with the app=backend label has been created in the cluster. This label can be used for workload affinity or anti-affinity scheduling, allowing the newly created frontend workload labeled with app=frontend to be deployed on the same node as the backend workload. Both workloads run in topology key kubernetes.io/hostname. When you use kubernetes.io/hostname for topology classification, only one node can be assigned to each topology key because each node has a unique hostname. This enables workloads to be scheduled on the same node when workload affinity is enabled.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                    2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                                                                                                                    3. In Advanced Settings, choose Scheduling and select a policy for Load Affinity. In this example, Custom policies is selected. For details about how to create a workload, see Creating a Workload.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 1 Scheduling policies
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Load affinity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Not configured: No load affinity policy is configured.
                                                                                                                                                                                                      • Multi-AZ deployment preferred: Workload pods are preferentially scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process.
                                                                                                                                                                                                      • Forcible multi-AZ deployment: Workload pods are forcibly scheduled to nodes in different AZs through pod anti-affinity. The AZs serve as topology keys in this process. When this scheduling policy is used, if there are fewer nodes than pods or node resources are insufficient, the extra pods will fail to run.
                                                                                                                                                                                                      • Custom policies: allow flexible scheduling of workload pods based on pod labels. For details about the supported scheduling policies, see Table 2. Select a proper policy type and add a policy. For details about the parameters, see Table 3.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Custom policies
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    4. Select a proper load affinity rule and click  to add a scheduling policy. In this example, a scheduling policy is added in the Required area under Workload Affinity. This policy specifies that the newly created workload can only be scheduled to a node if a workload with specific labels is already running on that node.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 2 Load affinity policies
                                                                                                                                                                                                      Policy
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Rule Type
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Workload affinity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Required
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will forcibly schedule the created pods to that topology key.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       NOTE: 
                                                                                                                                                                                                      If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods must be affinity with all pods that meet the label filtering conditions. In this way, all pods that meet the label filtering conditions locate in the same topology key for scheduling.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Required
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Preferred
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Select pods that require affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to that topology key.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       NOTE: 
                                                                                                                                                                                                      If multiple affinity rules are configured, multiple labels will be used to filter pods that require affinity, and the newly created pods will be preferentially to be affinity with multiple pods that meet the label filtering conditions. However, even if no pod meets the label filter conditions, a topology key will be selected for scheduling.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Workload anti-affinity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Required
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that must be met.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will not schedule the created pods to that topology key.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       NOTE: 
                                                                                                                                                                                                      If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods must be anti-affinity with all pods that meet the label filtering conditions. In this way, all the topology keys where the pods that meet the label filtering conditions locate will not be scheduled.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      None
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Preferred
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution in YAML for specifying the conditions that need to be met as much as possible.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Select one or more pods that require anti-affinity by label. If such pods already run on a node in the topology key, the scheduler will preferentially schedule the created pods to other topology keys.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       NOTE: 
                                                                                                                                                                                                      If multiple anti-affinity rules are configured, multiple labels will be used to filter pods that require anti-affinity, and the newly created pods will be preferentially to be anti-affinity with multiple pods that meet the label filtering conditions. However, even if all topology keys involve the pods that require anti-affinity, a topology key will be selected for scheduling.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    5. In the dialog box that is displayed on the right, click Add Policy to configure rules for filtering node labels.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 3 Parameters for configuring load affinity/anti-affinity scheduling policies
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Weight
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      This parameter is available only in a preferred scheduling policy. Weights range from 1 to 100 and are taken into account as an extra scoring factor during scheduling. The scheduler combines the weight with other priority functions of the node to determine the final score and then assigns pods to the node with the highest total score.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      None
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Namespace
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Namespace for which the scheduling policy takes effect.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      default
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Topology Key
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A topology key (topologyKey) determines the range of nodes to be scheduled based on node labels, identifies affinity/anti-affinity objects based on the labels and operators, and performs scheduling based on the topology key where the target object is located.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • For example, if the node label is kubernetes.io/hostname, the label value will be a node name. Nodes with different names are assigned to different topology keys. This allows for workload affinity scheduling on a single node, as each topology key contains only one node.
                                                                                                                                                                                                      • If the specified label is kubernetes.io/os, the label value will be a node OS. Nodes running different OSs are assigned to different topology keys. This allows for workload affinity scheduling on multiple nodes, as each topology key contains multiple nodes.
                                                                                                                                                                                                        For example, if pods that meet the load affinity rule are running on a node in a topology key, all nodes in the topology key can be scheduled.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubernetes.io/hostname
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Label Key
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When configuring a workload affinity or anti-affinity policy, enter the workload label to be matched.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Both default labels and custom labels are supported.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      app
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Operator
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The following operators are supported:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                                                                                                                      • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                                                                                                                      • Exists: The affinity or anti-affinity object has a specified label key.
                                                                                                                                                                                                      • DoesNotExist: The affinity or anti-affinity object does not have a specified label key.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Label Value
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When configuring a workload affinity or anti-affinity policy, enter the value of the workload label.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      backend
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    6. After the scheduling policy is added, click Create Workload.
                                                                                                                                                                                                    7. Verify that all pods run on the target node.
                                                                                                                                                                                                      1. In the navigation pane, choose Workloads.
                                                                                                                                                                                                      2. Click the workload name to enter its details page. On the Pods tab page, verify that the new pod and the existing backend pod run on the same node.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Using YAML
                                                                                                                                                                                                    • Workload affinity
                                                                                                                                                                                                      Kubernetes supports affinity between pods, which allows the frontend and backend pods of an application to be deployed together to minimize access latency.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Assume that the backend pods of an application have been created with label app=backend. You can use .spec.affinity.podAffinity to configure workload affinity so that the frontend pods (labeled app=frontend) and backend pods (labeled app=backend) can be deployed together.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  labels:
+    app: frontend
+spec:
+  selector:
+    matchLabels:
+      app: frontend
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+      - image: nginx:alpine
+        name: frontend
+        resources:
+          requests:
+            cpu: 100m
+            memory: 200Mi
+          limits:
+            cpu: 100m
+            memory: 200Mi
+      imagePullSecrets:
+      - name: default-secret
+      affinity:  # Configure a scheduling policy.
+        podAffinity:  # Workload affinity scheduling rule
+          requiredDuringSchedulingIgnoredDuringExecution:   # Scheduling policy that must be met
+          - topologyKey: prefer    # Topology keys are divided based on node labels, among which prefer is a custom label.
+            labelSelector:  # Select workloads that meet the requirements based on workload labels.
+              matchExpressions: # Workload label matching rule
+              - key: app # The key of the workload label is app.
+                operator: In # The rule is met if a value exists in the value list.
+                values: # Workload label values
+                - backend
+          preferredDuringSchedulingIgnoredDuringExecution:    # Scheduling policy that is met as much as possible
+          - weight: 100  # Priority that can be configured when the best-effort policy is used. The value ranges from 1 to 100. A larger value indicates a higher priority.
+            podAffinityTerm:  # Affinity configuration when the best-effort policy is used
+              topologyKey: topology.kubernetes.io/zone   # Topology keys are divided based on node labels by node AZ.
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - backend
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      During workload scheduling in the preceding example, node topology keys are divided based on the prefer label using the rule that must be met. If backend pods (labeled app=backend) are running on a node in the topology key, frontend pods (labeled app=frontend) will also be deployed in that topology key, even if not all nodes in the topology key are running the backend pods. According to the best-effort rule, topology keys are divided based on topology.kubernetes.io/zone by node AZ. This ensures that the frontend and backend pods are deployed on nodes within the same AZ as much as possible.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      For workload affinity, topologyKey cannot be left blank when requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution are used.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      topologyKey is used to divide topology keys based on the labels of nodes. Nodes with the same labels are grouped into the same topology key. The scheduler then selects the topology key to be scheduled based on the workload label. A topology key can consist of multiple nodes. If a workload that meets a label selection rule runs on a node in a topology key, all nodes in the topology key can be scheduled.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For example, if the topologyKey label is set to topology.kubernetes.io/zone, nodes' AZs will be used as the topology keys, and workloads will be scheduled by AZ during deployment.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • Workload anti-affinity
                                                                                                                                                                                                      In some cases, pods need to be deployed separately. This is because deploying them together can negatively impact performance.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Assume that the frontend pods of an application have been created with label app=frontend. To ensure that pods are deployed on different nodes and multiple AZs are preferred, you can use .spec.affinity.podAntiAffinity to configure workload anti-affinity.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name:   frontend
+  labels:
+    app:  frontend
+spec:
+  selector:
+    matchLabels:
+      app: frontend
+  replicas: 5
+  template:
+    metadata:
+      labels:
+        app:  frontend
+    spec:
+      containers:
+      - image:  nginx:alpine
+        name:  frontend
+        resources:
+          requests:
+            cpu:  100m
+            memory:  200Mi
+          limits:
+            cpu:  100m
+            memory:  200Mi
+      imagePullSecrets:
+      - name: default-secret
+      affinity:
+        podAntiAffinity:  # Workload anti-affinity scheduling rule
+          requiredDuringSchedulingIgnoredDuringExecution:   # Scheduling policy that must be met
+          - topologyKey: kubernetes.io/hostname    # Topology keys are divided based on node labels.
+            labelSelector:    # Pod label matching rule
+              matchExpressions:  # The key of the workload label is app.
+              - key: app  # The key of the workload label is app.
+                operator: In  # The rule is met if a value exists in the value list.
+                values:  # Workload label values
+                - frontend
+          preferredDuringSchedulingIgnoredDuringExecution:    # Scheduling policy that is met as much as possible
+          - weight: 100  # Priority that can be configured when the best-effort policy is used. The value ranges from 1 to 100. A larger value indicates a higher priority.
+            podAffinityTerm:  # Affinity configuration when the best-effort policy is used
+              topologyKey: topology.kubernetes.io/zone   # Topology keys are divided based on node labels.
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - frontend
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In the preceding example, anti-affinity rules are configured. The rule that must be met indicates that node topology keys are divided based on kubernetes.io/hostname. Nodes with the kubernetes.io/hostname label have different label values. Therefore, there is only one node in each topology key. If a topology key contains only one node where a frontend pod already exists, pods with the same label will not be scheduled to that topology key. According to the best-effort rule, topology keys are divided based on topology.kubernetes.io/zone by node AZ. This ensures that the pods are deployed on nodes in different AZs as much as possible.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      For workload anti-affinity, when requiredDuringSchedulingIgnoredDuringExecution is used, the default access controller LimitPodHardAntiAffinityTopology of Kubernetes requires that topologyKey can only be kubernetes.io/hostname. To use other custom topology logic, modify or disable the access controller.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Scheduling a Workload
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0896.html b/docs/cce/umn/cce_10_0896.html
index 84737f675..0a8a35068 100644
--- a/docs/cce/umn/cce_10_0896.html
+++ b/docs/cce/umn/cce_10_0896.html
@@ -2,17 +2,18 @@
 
 
                                                                                                                                                                                                    Configuring a Custom Header Forwarding Policy for a LoadBalancer Ingress
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Dedicated load balancer ingresses support custom header forwarding policies. You can configure different header key-value pairs to determine the backend Service to which data is forwarded.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    A cluster meeting the following requirements is available:
                                                                                                                                                                                                    • v1.23: v1.23.16-r0 or later
                                                                                                                                                                                                    • v1.25: v1.25.11-r0 or later
                                                                                                                                                                                                    • v1.27: v1.27.8-r0 or later
                                                                                                                                                                                                    • v1.28: v1.28.6-r0 or later
                                                                                                                                                                                                    • v1.29: v1.29.2-r0 or later
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                      • v1.23: v1.23.16-r0 or later
                                                                                                                                                                                                      • v1.25: v1.25.11-r0 or later
                                                                                                                                                                                                      • v1.27: v1.27.8-r0 or later
                                                                                                                                                                                                      • v1.28: v1.28.6-r0 or later
                                                                                                                                                                                                      • v1.29: v1.29.2-r0 or later
                                                                                                                                                                                                      • Other clusters of later versions
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Using kubectl
                                                                                                                                                                                                    An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                                                    apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                                                    Using kubectl
                                                                                                                                                                                                    1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                                      vi ingress-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                                                      apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: test-header
+  name: ingress-test
   namespace: default
   annotations:
-    kubernetes.io/elb.port: '80'
-    kubernetes.io/elb.id: 08eab934-1636-4d90-a4cd-cb3fa4330411
+    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: 08eab934-1636-4d90-a4cd-cb3fa4330411
     kubernetes.io/elb.class: performance  # A dedicated load balancer is required.
     # Path /a can be accessed only through Header key1=value1 or key1=value2. The accessed Service is svc-a:80.
     kubernetes.io/elb.headers.svc-a: | 
@@ -58,33 +59,41 @@ spec:
   ingressClassName: cce
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
-
                                                                                                                                                                                                      
@@ -41,7 +40,7 @@
 
                                                                                                                                                                                                    3. Create a cluster and a node.
                                                                                                                                                                                                      1. Log in to the CCE console. On the Clusters page, click Create Cluster and select the type for the cluster to be created.
                                                                                                                                                                                                        Configure cluster parameters and select the VPC created in 1. 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Create a node and select the key pair created in 1 as the login option. 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    4. Deploy a workload on CCE.
                                                                                                                                                                                                      1. Log in to the CCE console and click the name of the cluster to access the cluster console. In the navigation pane, choose Workloads and click Create Workload.
                                                                                                                                                                                                      2. Configure the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                                                        • Workload Name: Set it to apptest.
                                                                                                                                                                                                        • Pods: Set it to 1.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Deploy a workload on CCE.
                                                                                                                                                                                                        1. Log in to the CCE console and click the name of the cluster to access the cluster console. In the navigation pane, choose Workloads and click Create Workload.
                                                                                                                                                                                                        2. Configure the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                                                          • Workload Name: Set it to apptest.
                                                                                                                                                                                                          • Pods: Set it to 1.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        3. In the Container Settings area, select the image uploaded in Building and Uploading an Image.
                                                                                                                                                                                                        4. In the Container Settings area, choose Environment Variables and add environment variables for interconnecting with the MySQL database. The environment variables are set in the startup script.
                                                                                                                                                                                                           
                                                                                                                                                                                                          In this example, interconnection with the MySQL database is implemented through configuring the environment variables. Determine whether to use environment variables based on your service requirements.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
@@ -77,10 +76,10 @@
 
                                                                                                                                                                                                        5. In the Container Settings area, choose Data Storage and configure cloud storage for persistent data storage.
                                                                                                                                                                                                           
                                                                                                                                                                                                          In this example, the MongoDB database is used and persistent data storage is also needed, so you need to configure cloud storage. Determine whether to use cloud storage based on your service requirements.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          The mounted path must be the same as the MongoDB storage path in the Docker startup script. For details, see the startup script. In this example, the path is /usr/local/mongodb/data.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        6. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                                                           
                                                                                                                                                                                                          In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        7. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                                                           
                                                                                                                                                                                                          In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                                                                          • Service Type: In this example, select NodePort.
                                                                                                                                                                                                          • Service Affinity
                                                                                                                                                                                                            • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                                                            • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Port
                                                                                                                                                                                                            • Protocol: Set it to TCP.
                                                                                                                                                                                                            • Service Port: port for accessing the Service.
                                                                                                                                                                                                            • Container Port: port that the application will listen on the container. In this example, this parameter is set to 8080.
                                                                                                                                                                                                            • Node Port: Set it to Auto. The system automatically opens a real port on all nodes in the current cluster and then maps the port number to the container port.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                                                                            • Service Type: Select NodePort.
                                                                                                                                                                                                            • Service Affinity
                                                                                                                                                                                                              • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                                                              • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • Port
                                                                                                                                                                                                              • Protocol: Set it to TCP.
                                                                                                                                                                                                              • Service Port: port for accessing the Service.
                                                                                                                                                                                                              • Container Port: port that the application will listen on the container. In this example, this parameter is set to 8080.
                                                                                                                                                                                                              • Node Port: Set it to Auto. The system automatically opens a real port on all nodes in the current cluster and then maps the port number to the container port.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • Click Create Workload.
                                                                                                                                                                                                            After the workload is created, you can view the running workload in the workload list.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0014.html b/docs/cce/umn/cce_bestpractice_0014.html
index 2049cf96a..75553bcfb 100644
--- a/docs/cce/umn/cce_bestpractice_0014.html
+++ b/docs/cce/umn/cce_bestpractice_0014.html
@@ -19,7 +19,7 @@
 
 
                                                                                                                                                                                                      5. 
-
diff --git a/docs/cce/umn/cce_bestpractice_00162.html b/docs/cce/umn/cce_bestpractice_00162.html
index 1288242d4..96a5da3bc 100644
--- a/docs/cce/umn/cce_bestpractice_00162.html
+++ b/docs/cce/umn/cce_bestpractice_00162.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                                                      CCE uses proprietary, high-performance container networking add-ons to support the tunnel network, Cloud Native 2.0 network, and VPC network models.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                       
                                                                                                                                                                                                      After a cluster is created, the network model cannot be changed. Exercise caution when selecting a network model.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                                                        Figure 1 Container tunnel network
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                                                        Figure 2 VPC network
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                                                        Figure 3 Cloud Native 2.0 network
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                                                          Figure 1 Container tunnel network
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                                                          Figure 2 VPC network
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                                                          Figure 3 Cloud Native 2.0 network
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The following table lists the differences between the network models.
                                                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_bestpractice_00198.html b/docs/cce/umn/cce_bestpractice_00198.html
index 45dfc5c63..a385d0028 100644
--- a/docs/cce/umn/cce_bestpractice_00198.html
+++ b/docs/cce/umn/cce_bestpractice_00198.html
@@ -26,7 +26,7 @@
 
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Table 1 Annotations for configuring a custom header forwarding policy
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
-
-
-
-
-
                                                                                                                                                                                                      Table 1 Annotations for configuring a custom header forwarding policy
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Type
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Type
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubernetes.io/elb.headers.${svc_name}
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      String
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      String
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Custom header of the Service associated with an ingress. ${svc_name} is the Service name.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Format: a JSON string, for example, {"key": "test", "values": ["value1", "value2"]}
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • key/value indicates the key-value pair of the custom header. A maximum of eight values can be configured.
                                                                                                                                                                                                        Enter 1 to 40 characters for a key. Only letters, digits, hyphens (-), and underscores (_) are allowed.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Enter 1 to 128 characters for a value. Asterisks (*) and question marks (?) are allowed, but spaces and double quotation marks are not allowed. An asterisk can match zero or more characters, and a question mark can match one character.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Either a custom header or grayscale release can be configured.
                                                                                                                                                                                                      • Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    5. After a custom header forwarding policy is configured for an ingress, a grayscale release policy cannot be created for the ingress.
                                                                                                                                                                                                    6. Enter 1 to 51 characters for ${svc_name}.
                                                                                                                                                                                                      7. 
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
                                                                                                                                                                                                       
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    7. Create an ingress.
                                                                                                                                                                                                      kubectl create -f ingress-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      ingress/ingress-test created
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    8. Check the created ingress.
                                                                                                                                                                                                      kubectl get ingress
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      9. 
 
 
 
 
diff --git a/docs/cce/umn/cce_10_0906.html b/docs/cce/umn/cce_10_0906.html
index 445072729..1c97705d6 100644
--- a/docs/cce/umn/cce_10_0906.html
+++ b/docs/cce/umn/cce_10_0906.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                      Adding a Pod Subnet for a Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Configuring Pod Subnets of a Cluster
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Scenario
                                                                                                                                                                                                      If the pod subnet configured during CCE Turbo cluster creation cannot meet service expansion requirements, you can add a pod subnet for the cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Notes and Constraints
                                                                                                                                                                                                      • This function is available only for CCE Turbo clusters of v1.19 or later.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0909.html b/docs/cce/umn/cce_10_0909.html
index 4ed2605b8..2061d0904 100644
--- a/docs/cce/umn/cce_10_0909.html
+++ b/docs/cce/umn/cce_10_0909.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                                                      Cloud Native Heterogeneous Computing Add-ons
                                                                                                                                                                                                      
-
-  
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
+
                                                                                                                                                                                                      Cloud Native Heterogeneous Computing Add-ons
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • CCE AI Suite (NVIDIA GPU)
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0916.html b/docs/cce/umn/cce_10_0916.html
new file mode 100644
index 000000000..d052bba97
--- /dev/null
+++ b/docs/cce/umn/cce_10_0916.html
@@ -0,0 +1,59 @@
+
+
+
                                                                                                                                                                                                        Enabling a LoadBalancer Service to Obtain the Client IP Address
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        When creating a LoadBalancer Service using a shared load balancer, you can configure annotations for the load balancer listeners to obtain the client IP address.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                         
                                                                                                                                                                                                        • If a dedicated load balancer is used, the function of obtaining the client IP address is enabled by default.
                                                                                                                                                                                                        • After the function of obtaining the client IP address is enabled, if you delete the target annotation from the YAML file, the configuration on the ELB will be retained.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.17-r0 or later
                                                                                                                                                                                                          • v1.25: v1.25.12-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.9-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.7-r0 or later
                                                                                                                                                                                                          • v1.29: v1.29.3-r0 or later
                                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        In CCE standard clusters, this setting takes effect only when Service affinity is set to the node level affinity (with externalTrafficPolicy set to Local).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        In CCE Turbo clusters, this setting cannot take effect, because Service affinity cannot be set to the node level affinity and externalTrafficPolicy cannot be set to Local.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        An example YAML file of a Service created using an existing load balancer is as follows:
                                                                                                                                                                                                        apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>              # Load balancer ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/elb.transparent-client-ip: 'true'  # Enable the function of obtaining the client source IP address.
+spec:
+  selector: 
+     app: nginx
+  externalTrafficPolicy: Local
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Table 1 Key parameters
                                                                                                                                                                                                        Parameter
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Type
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        kubernetes.io/elb.transparent-client-ip
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        String
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        This parameter can be configured only for TCP/UDP Services.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • true: Enabling the function of obtaining the client source IP address.
                                                                                                                                                                                                        • false: Disabling the function of obtaining the client source IP address.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: LoadBalancer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0924.html b/docs/cce/umn/cce_10_0924.html
new file mode 100644
index 000000000..c426fe8d0
--- /dev/null
+++ b/docs/cce/umn/cce_10_0924.html
@@ -0,0 +1,162 @@
+
+
+
                                                                                                                                                                                                        Configuring a Custom EIP for a LoadBalancer Service
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can customize the EIP bound to a load balancer that is automatically created by CCE by adding the kubernetes.io/elb.custom-eip-id annotation to a Service.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A Kubernetes cluster is available and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.18-r0 or later
                                                                                                                                                                                                          • v1.25: v1.25.13-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.10-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.8-r0 or later
                                                                                                                                                                                                          • v1.29: v1.29.4-r0 or later
                                                                                                                                                                                                          • v1.30: v1.30.1-r0 or later
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        • A custom EIP for a Service can be configured only when the Service is being updated, and the Service's annotation contains kubernetes.io/elb.eip-id.
                                                                                                                                                                                                        • A custom EIP must be unbound to any resources.
                                                                                                                                                                                                        • After you configure a custom EIP for a load balancer, if the existing EIP bound to the load balancer was automatically created by CCE during load balancer creation and is not being used by any other resources, the existing EIP will be deleted automatically when the associated Service is deleted. However, if the existing EIP was manually created, it will be unbound from the load balancer when you delete the Service, and you will need to manually delete the EIP.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Automatically create a load balancer with an EIP bound when creating a Service. For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                                                                                                                          An example YAML file of a Service created using a dedicated load balancer is as follows:
                                                                                                                                                                                                          apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"aaaaa","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"xxx","available_zone":["xxx"],"elb_virsubnet_ids":["fc0c61cd-c987-49c4-99a4-b7d816b57581"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"cf35b03f-c6ca-4f75-aa70-e2166cb1f800"}'
+    kubernetes.io/elb.eip-id: 8560972c-2cc5-4699-94d6-e46f146eb73d     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 0e78a84a-7deb-4747-aeb6-09b6a820b001
+  labels:
+    app: test-svc
+    version: v1
+  name: test-eip
+  namespace: default
+spec:
+  allocateLoadBalancerNodePorts: true
+  clusterIP: 10.247.93.235
+  clusterIPs:
+  - 10.247.93.235
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  loadBalancerIP: *.*.*.*
+  ports:
+  - name: cce-service-0
+    nodePort: 31354
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: test-svc
+    version: v1
+  sessionAffinity: None
+  type: LoadBalancer
+status:
+  loadBalancer:
+    ingress:
+    - ip: *.*.*.*
+    - ip: 192.168.0.15
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Modify the Service configurations and add the kubernetes.io/elb.custom-eip-id annotation.
                                                                                                                                                                                                          apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"aaaaa","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"xxx","available_zone":["xxx"],"elb_virsubnet_ids":["fc0c61cd-c987-49c4-99a4-b7d816b57581"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"cf35b03f-c6ca-4f75-aa70-e2166cb1f800"}'
+    kubernetes.io/elb.eip-id: 8560972c-2cc5-4699-94d6-e46f146eb73d     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.custom-eip-id: 88c197a1-cb85-4b38-b672-1d60dc5d00db  # ID of the custom EIP
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 0e78a84a-7deb-4747-aeb6-09b6a820b001
+  labels:
+    app: test-svc
+    version: v1
+  name: test-eip
+  namespace: default
+spec:
+  allocateLoadBalancerNodePorts: true
+  clusterIP: 10.247.93.235
+  clusterIPs:
+  - 10.247.93.235
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  loadBalancerIP: *.*.*.*
+  ports:
+  - name: cce-service-0
+    nodePort: 31354
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: test-svc
+    version: v1
+  sessionAffinity: None
+  type: LoadBalancer
+status:
+  loadBalancer:
+    ingress:
+    - ip: *.*.*.*
+    - ip: 192.168.0.15
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.custom-eip-id
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ID of the custom EIP, which can be seen on the EIP console
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The EIP must be bindable.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. After the Service is updated, check the Service again.
                                                                                                                                                                                                          apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"aaaaa","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"xxx","available_zone":["xxx"],"elb_virsubnet_ids":["fc0c61cd-c987-49c4-99a4-b7d816b57581"],"l7_flavor_name":"","l4_flavor_name":"L4_flavor.elb.pro.max","vip_subnet_cidr_id":"cf35b03f-c6ca-4f75-aa70-e2166cb1f800"}'
+    kubernetes.io/elb.eip-id: 8560972c-2cc5-4699-94d6-e46f146eb73d     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.custom-eip-id: 88c197a1-cb85-4b38-b672-1d60dc5d00db  # ID of the custom EIP
+    kubernetes.io/elb.custom-eip-status: '{"id":"88c197a1-cb85-4b38-b672-1d60dc5d00db","public_ip_address":"2.2.2.2"}' # After the custom EIP is configured, record the EIP's ID and IP address.
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: 0e78a84a-7deb-4747-aeb6-09b6a820b001
+  labels:
+    app: test-svc
+    version: v1
+  name: test-eip
+  namespace: default
+spec:
+  allocateLoadBalancerNodePorts: true
+  clusterIP: 10.247.93.235
+  clusterIPs:
+  - 10.247.93.235
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  loadBalancerIP: 2.2.2.2
+  ports:
+  - name: cce-service-0
+    nodePort: 31354
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: test-svc
+    version: v1
+  sessionAffinity: None
+  type: LoadBalancer
+status:
+  loadBalancer:
+    ingress:
+    - ip: 2.2.2.2
+    - ip: 192.168.0.15
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: LoadBalancer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0925.html b/docs/cce/umn/cce_10_0925.html
new file mode 100644
index 000000000..bf89c3422
--- /dev/null
+++ b/docs/cce/umn/cce_10_0925.html
@@ -0,0 +1,135 @@
+
+
+
                                                                                                                                                                                                        Configuring a Custom EIP for a LoadBalancer Ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can customize the EIP bound to a load balancer that is automatically created by CCE by adding the kubernetes.io/elb.custom-eip-id annotation to an ingress.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.18-r0 or later
                                                                                                                                                                                                          • v1.25: v1.25.13-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.10-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.8-r0 or later
                                                                                                                                                                                                          • v1.29: v1.29.4-r0 or later
                                                                                                                                                                                                          • v1.30: v1.30.1-r0 or later
                                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        • A custom EIP for an ingress can be configured only when an ingress is being updated, and the ingress' annotation contains kubernetes.io/elb.eip-id.
                                                                                                                                                                                                        • A custom EIP must be unbound to any resources.
                                                                                                                                                                                                        • After you configure a custom EIP for a load balancer, if the existing EIP bound to the load balancer was automatically created by CCE during load balancer creation and is not being used by any other resources, the existing EIP will be deleted automatically when the associated ingress is deleted. However, if the existing EIP was manually created, it will be unbound from the load balancer when you delete the ingress, and you will need to manually delete the EIP.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Automatically create a load balancer with an EIP bound when creating an ingress. For details, see Automatically Creating a Load Balancer While Creating an Ingress.
                                                                                                                                                                                                          An example YAML file of an ingress created using a shared load balancer is as follows:
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"test-eip
+","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"test-eip"}'
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.eip-id: 10183660-0bb7-47d4-a899-18891b1ab2f7     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.id: aed5d5c9-65eb-42ab-9f80-57825cbae309
+    kubernetes.io/elb.ip: 1.1.1.1
+    kubernetes.io/elb.port: "80"
+  name: test-eip
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+  - http:
+      paths:
+      - backend:
+          service:
+            name: test-eip
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+status:
+  loadBalancer:
+    ingress:
+    - ip: 192.168.1.138
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Modify the ingress configurations and add the kubernetes.io/elb.custom-eip-id annotation.
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"test-eip
+","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"test-eip"}'
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.eip-id: 10183660-0bb7-47d4-a899-18891b1ab2f7     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.custom-eip-id: 57bf8bb2-8c7d-4d07-8799-aae16a421802  # ID of the custom EIP
+    kubernetes.io/elb.id: aed5d5c9-65eb-42ab-9f80-57825cbae309
+    kubernetes.io/elb.ip: 1.1.1.1
+    kubernetes.io/elb.port: "80"
+  name: test-eip
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+  - http:
+      paths:
+      - backend:
+          service:
+            name: test-eip
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+status:
+  loadBalancer:
+    ingress:
+    - ip: 192.168.1.138
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Key parameters
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.custom-eip-id
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ID of the custom EIP, which can be seen on the EIP console
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The EIP must be bindable.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. After the ingress is updated, check the ingress again.
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"test-eip
+","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_g-vm","name":"test-eip"}'
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.eip-id: 10183660-0bb7-47d4-a899-18891b1ab2f7     # ID of the EIP automatically assigned during load balancer creation
+    kubernetes.io/elb.custom-eip-id: 57bf8bb2-8c7d-4d07-8799-aae16a421802  # ID of the custom EIP
+    kubernetes.io/elb.custom-eip-status: '{"id":"57bf8bb2-8c7d-4d07-8799-aae16a421802","public_ip_address":"3.3.3.3"}' # After the custom EIP is configured, record the EIP's ID and IP address.
+    kubernetes.io/elb.id: aed5d5c9-65eb-42ab-9f80-57825cbae309
+    kubernetes.io/elb.ip: 1.1.1.1
+    kubernetes.io/elb.port: "80"
+  name: test-eip
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+  - http:
+      paths:
+      - backend:
+          service:
+            name: test-eip
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+status:
+  loadBalancer:
+    ingress:
+    - ip: 192.168.1.138
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0927.html b/docs/cce/umn/cce_10_0927.html
new file mode 100644
index 000000000..95622d029
--- /dev/null
+++ b/docs/cce/umn/cce_10_0927.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                                                        Preventing Cluster Deletion
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Unexpected deletion of clusters can occur in practice, especially when multiple users share an account and accidentally delete clusters that do not belong to them. To prevent this issue, you can protect critical clusters against unexpected deletion through the console or APIs.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Settings.
                                                                                                                                                                                                        3. On the Dashboard tab page, locate Cluster Deletion Protection in the Cluster Settings area and click Enable. After this function is enabled, you are not allowed to delete clusters on CCE.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Managing a Cluster
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0930.html b/docs/cce/umn/cce_10_0930.html
new file mode 100644
index 000000000..94c15ac7a
--- /dev/null
+++ b/docs/cce/umn/cce_10_0930.html
@@ -0,0 +1,38 @@
+
+
+
                                                                                                                                                                                                        Updating the HTTPS Certificate for a LoadBalancer Ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If the HTTPS certificate for a LoadBalancer ingress is about to expire or has expired, follow the operations provided in this section to update it.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Application Scenarios
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        LoadBalancer Service certificate
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        To update an HTTPS certificate, create a LoadBalancer Service certificate and select it when modifying the ingress.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Alternatively, modify the certificate on the ELB certificate management page.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        TLS certificate
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        To update an HTTPS certificate, update the target secret in the cluster. CCE will then automatically configure the certificate (starting with k8s_plb_default) on the ELB. The certificate automatically created by CCE cannot be modified or deleted on the ELB.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Procedure for TLS Secret Certificates
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose ConfigMaps and Secrets. In the right pane, click the Secrets tab, find the secret used by the ingress, and click Update.
                                                                                                                                                                                                        3. Modify the certificate file in the secret and click OK to update the secret. CCE will automatically synchronize the certificate to the ELB.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Procedure for LoadBalancer Service Certificates
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Services & Ingresses. Then, click the Ingresses tab, locate the row containing the target ingress, and choose More > Update in the Operation column.
                                                                                                                                                                                                        3. Set Certificate Source to ELB server certificate, select a new server certificate, and click OK to update the ingress.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0934.html b/docs/cce/umn/cce_10_0934.html
new file mode 100644
index 000000000..97410186b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0934.html
@@ -0,0 +1,207 @@
+
+
+
                                                                                                                                                                                                        Creating an AHPA Policy
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The native Horizontal Pod Autoscaler (HPA) in Kubernetes can cause delays in scaling due to its passive triggering mechanism. To address this issue, the Advanced Horizontal Pod Autoscaler (AHPA) proactively identifies periods of pod scaling and predicts future fluctuations by analyzing historical service metrics.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Features
                                                                                                                                                                                                        AHPA monitors historical workload metrics and performs weekly modeling, making it particularly effective for workloads with clear periodic patterns.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        After AHPA is enabled, it collects monitoring data for a specific workload over a period of one to eight weeks. It then analyzes and models the data using statistical principles. Then, AHPA uses historical monitoring data and future service trends to recommend the optimal number of pods for a workload every minute. This allows pods to be prepared in advance to handle anticipated increases in service volume, ensuring adequate resource availability.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        AHPA can work with HPA and CronHPA to scale pods in complex scenarios.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        AHPA allows you to change the maximum and minimum number of pods in an HPA policy based on the recommended result, or directly adjust the number of pods in a Deployment.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        AHPA and CronHPA share the same approach for adjusting the maximum and minimum pod numbers specified in an HPA policy. For details, see Using CronHPA to Adjust the HPA Scaling Scope.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • The CCE Advanced HPA add-on of v1.5.2 or later has been installed in the cluster. For details, see CCE Advanced HPA.
                                                                                                                                                                                                        • The Cloud Native Cluster Monitoring add-on has been installed in the cluster, and the monitoring data is reported to AOM. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        • AHPA policies apply only to clusters of v1.23 or later.
                                                                                                                                                                                                        • For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                        • The specifications of the CCE Advanced HPA add-on are determined based on the total number of containers in the cluster and the number of scaling policies. Configure 500m CPU cores and 1000 MiB of memory for every 5000 containers, and 100m CPU cores and 500 MiB of memory for every 1000 scaling policies.
                                                                                                                                                                                                        • AHPA needs extra memory as it analyzes and processes historical workload data. It is advised to allocate 100m CPU cores and 300 MiB of memory for every 100 AHPA policies.
                                                                                                                                                                                                        • After an AHPA policy is created, the type of its associated workload cannot be changed.
                                                                                                                                                                                                        • Either an AHPA policy or a CustomedHPA policy can be enabled.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using AHPA
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Deploy a sample workload. If a workload already runs in the cluster, skip this step. It is advised to use a workload that has been monitored for over seven days, as AHPA requires a minimum of seven days of monitoring data.
                                                                                                                                                                                                          kubectl create -f hamster.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example configuration of hamster.yaml:
                                                                                                                                                                                                          apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hamster
+spec:
+  selector:
+    matchLabels:
+      app: hamster
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: hamster
+    spec:
+      containers:
+        - name: hamster
+          image: registry.k8s.io/ubuntu-slim:0.1
+          resources:
+            requests:
+              cpu: 100m
+              memory: 50Mi
+          command: ["/bin/sh"]
+          args:
+            - "-c"
+            - "while true; do timeout 0.5s yes >/dev/null; sleep 0.5s; done"
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create an AHPA task.
                                                                                                                                                                                                          kubectl create -f hamster-ahpa.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example configuration of hamster-vpa.yaml:
                                                                                                                                                                                                          apiVersion: autoscaling.cce.io/v1alpha1
+kind: AdvancedHorizontalPodAutoscaler
+metadata:
+  name: hamster-ahpa
+  namespace: default
+spec:
+  scaleTargetRef:  # Associated workload, which can only be Deployment/HPA
+    apiVersion: apps/v1
+    kind: Deployment
+    name: hamster
+  minReplicas: 2  # Minimum number of pods
+  maxReplicas: 10  # Maximum number of pods
+  metrics:  # Metrics, whose format is the same as that of the community HPA
+  - type: Resource  # Metric source type, which can only be Resource
+    resource:
+      name: cpu  # Metric source name, which can only be CPU or memory
+      target:
+        type: Utilization  # Metric source type, which can only be Utilization
+        averageUtilization: 50
+  predictConfig:
+    predictWindowSeconds: 1800
+    stabilizationWindowSeconds: 1800
+    quantile: "0.97"
+  effectiveTime:
+  - '* * 11-22 ? * MON-FRI'  # Valid from 11:00 to 22:00, from Monday to Friday
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Key AHPA parameters
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Mandatory
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          scaleTargetRef
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Target Deployment/HPA.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          metrics
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Metrics for scaling, which can only be CPU or memory. Only one metric can be configured. Either CPU or memory can be configured.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          maxReplicas
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Maximum number of pods, which ranges from 0 to 2147483647.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          minReplicas
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Minimum number of pods, which ranges from 0 to 2147483647.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          predictConfig.predictWindowSeconds
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Recommendation time window, which starts from the current time. The historical monitoring data within this time window will be used to calculate the recommended number of pods. The value can range from 1 to 3600.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          predictConfig.stabilizationWindowSeconds
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          No
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Scale-in cooling duration. The value ranges from 0 to 3600.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          predictConfig.quantile
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Yes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Prediction quantile, which indicates the probability that a service metric's actual value will be lower than the preset target value. A higher value indicates a more conservative estimate. The value ranges from 0 to 1. Two decimal places are supported. The default value is 0.99. The recommended value ranges from 0.90 to 0.99.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          effectiveTime
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          No
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If multiple cron expressions are specified, AHPA will take effect on the combined set of these expressions. The default setting is always valid.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. After AOM has collected at least seven days of monitoring data for the target workload, AHPA can create a model and suggest the appropriate number of pods. Wait for the recommended number of pods to be provided and run the following command to check AHPA resource details:
                                                                                                                                                                                                          kubectl get ahpa hamster-ahpa -oyaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The command output is as follows:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          apiVersion: autoscaling.cce.io/v1alpha1
+kind: AdvancedHorizontalPodAutoscaler
+metadata:
+  creationTimestamp: "2024-10-07T13:11:58Z"
+  generation: 2
+  name: hamster-ahpa
+  namespace: default
+  resourceVersion: "15529454"
+  uid: e5ffbb01-50b0-4485-8cf5-bc2be884b1ee
+spec:
+  effectiveTime:
+  - '* * 11-22 ? * MON-FRI'
+  maxReplicas: 10
+  metrics:
+  - resource:
+      name: cpu
+      target:
+        averageUtilization: 50
+        type: Utilization
+    type: Resource
+  minReplicas: 2
+  predictConfig:
+    predictWindowSeconds: 1800
+    quantile: "0.97"
+    stabilizationWindowSeconds: 1800
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: hamster
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-07T13:24:19Z"
+    message: the AHPA's model is ready
+    reason: ModelIsReady
+    status: "True"
+    type: ModelAvailable
+  - lastTransitionTime: "2024-10-07T13:24:19Z"
+    message: the AHPA was able to successfully calculate a replica count
+    reason: SucceededRunPrediction
+    status: "True"
+    type: ScalingActive
+  - lastTransitionTime: "2024-10-07T13:24:19Z"
+    message: ths ahpa checkpoint is fresh
+    reason: CheckpointIsFresh
+    status: "True"
+    type: CheckpointAvailable
+  - lastTransitionTime: "2024-10-07T13:24:19Z"
+    message: recommended size matches current size
+    reason: ReadyForNewScale
+    status: "True"
+    type: AbleToScale
+  - lastTransitionTime: "2024-10-07T13:24:19Z"
+    message: the desired replica count is more than the maximum replica count
+    reason: TooManyReplicas
+    status: "True"
+    type: ScalingLimited
+  currentReplicas: 10
+  desiredReplicas: 10
+  lastScaleTime: "2024-10-07T13:24:19Z"
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Scaling a Workload
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0935.html b/docs/cce/umn/cce_10_0935.html
new file mode 100644
index 000000000..a4ae3f784
--- /dev/null
+++ b/docs/cce/umn/cce_10_0935.html
@@ -0,0 +1,45 @@
+
+
+
+  
                                                                                                                                                                                                        Advanced Setting Examples of LoadBalancer Ingresses
                                                                                                                                                                                                        
+
+  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
+
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: LoadBalancer Ingresses
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_10_0936.html b/docs/cce/umn/cce_10_0936.html
new file mode 100644
index 000000000..65880a6ab
--- /dev/null
+++ b/docs/cce/umn/cce_10_0936.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                                                        Advanced Setting Examples of Nginx Ingresses
                                                                                                                                                                                                        
+
+  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
+
diff --git a/docs/cce/umn/cce_10_0937.html b/docs/cce/umn/cce_10_0937.html
new file mode 100644
index 000000000..698d05138
--- /dev/null
+++ b/docs/cce/umn/cce_10_0937.html
@@ -0,0 +1,73 @@
+
+
+
                                                                                                                                                                                                        Configuring a Range of Listening Ports for a LoadBalancer Ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Ingress allows you to customize listening ports. You can configure both HTTP and HTTPS listeners for a Service. For example, a Service can make available both HTTP port 80 and HTTPS port 443 for external access.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.14-r0 or later
                                                                                                                                                                                                          • v1.25: v1.25.9-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.6-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.4-r0 or later
                                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The following shows an example configuration using an existing load balancer:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/elb.id: 2c623150-17bf-45f1-ae6f-384b036f547e     # ID of an existing load balancer
+    kubernetes.io/elb.class: performance    # Load balancer type
+    kubernetes.io/elb.listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'    # Multi-listener configuration
+    kubernetes.io/elb.tls-certificate-ids: 6cfb43c9de1a41a18478b868e34b0a82,6cfb43c9de1a41a18478b868e34b0a82   # HTTPS certificate configuration
+  name: ingress-test
+  namespace: default
+spec:
+  ingressClassName: cce
+  rules:
+  - host: example.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: test
+            port:
+              number: 8888
+        path: /
+        pathType: ImplementationSpecific
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Annotations for custom listening ports
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.listen-ports
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Configure multiple listening ports for an ingress. The port number ranges from 1 to 65535.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The following is an example for JSON characters:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.listen-ports: '[{"HTTP":80},{"HTTPS":443}]'
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Only the listening ports that comply with both HTTP and HTTPS are allowed.
                                                                                                                                                                                                          • This function is available only for newly created ingresses in clusters of a version earlier than v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, or v1.30.4-r0. Additionally, after you configure multiple listening ports, the annotations cannot be modified or deleted. In clusters of v1.23.18-r10, v1.25.16-r0, v1.27.16-r0, v1.28.13-r0, v1.29.8-r0, v1.30.4-r0, or later, the annotations can be modified or deleted.
                                                                                                                                                                                                          • If both kubernetes.io/elb.listen-ports and kubernetes.io/elb.port are configured, kubernetes.io/elb.listen-ports takes a higher priority.
                                                                                                                                                                                                          • Ingress configuration items such as the blocklist, trustlist, and timeout concurrently take effect on multiple listening ports. When HTTP/2 is enabled for an ingress, HTTP/2 takes effect only on the HTTPS port.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          NAME          CLASS    HOSTS           ADDRESS          PORTS   AGE
+ingress-test  cce      example.com     121.**.**.**     80,443  10s
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0939.html b/docs/cce/umn/cce_10_0939.html
new file mode 100644
index 000000000..777937d63
--- /dev/null
+++ b/docs/cce/umn/cce_10_0939.html
@@ -0,0 +1,96 @@
+
+
+
                                                                                                                                                                                                        Configuring the Priorities of Forwarding Rules for LoadBalancer Ingresses
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        When ingresses use the same load balancer listener, forwarding rules can be prioritized based on the following rules:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Forwarding rules of different ingresses: The rules are sorted based on the priorities (ranging from 1 to 1000) of the kubernetes.io/elb.ingress-order annotation. A smaller value indicates a higher priority.
                                                                                                                                                                                                        • Forwarding rules of an ingress: If the kubernetes.io/elb.rule-priority-enabled annotation is set to true, the forwarding rules are sorted based on the sequence in which they are added during ingress creation. A forwarding rule added earlier indicates a higher priority. If the kubernetes.io/elb.rule-priority-enabled annotation is not configured, the default sorting of the forwarding rules on the load balancer will be used.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If the preceding annotations are not configured, the default sorting of the forwarding rules on the load balancer will be used, regardless of whether the forwarding rules are of the same ingress or different ingresses under the same load balancer listener.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.15-r0 or later
                                                                                                                                                                                                          • v1.25: v1.25.10-r0-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.7-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.5-r0 or later
                                                                                                                                                                                                          • v1.29: v1.29.1-r10 or later
                                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • An available workload has been deployed in the cluster for external access. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                                                                                                        • A Service for external access has been configured for the workload. Services Supported by LoadBalancer Ingresses lists the Service types supported by LoadBalancer ingresses.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        Ingresses support prioritizing forwarding rules only when dedicated load balancers are used.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The following shows an example configuration using an existing load balancer:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: test
+  namespace: default
+  annotations:
+    kubernetes.io/elb.port: '88'
+    kubernetes.io/elb.id: 2c623150-17bf-45f1-ae6f-384b036f547e    # ID of an existing load balancer
+    kubernetes.io/elb.class: performance    # Load balancer type
+    kubernetes.io/elb.ingress-order: '1'    # Priority of a forwarding rule of different ingresses
+    kubernetes.io/elb.rule-priority-enabled: 'true'   # The forwarding rules of an ingress are sorted based on the forwarding rule sequence in paths.
+spec:
+  rules:
+    - host: ''
+      http:
+        paths:
+          - path: /test1
+            backend:
+              service:
+                name: test1
+                port:
+                  number: 8081
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+          - path: /test2
+            backend:
+              service:
+                name: test2
+                port:
+                  number: 8081
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+  ingressClassName: cce
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Annotations for configuring the priorities of forwarding rules
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.ingress-order
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specifies the sequence of forwarding rules of different ingresses. The value ranges from 1 to 1000. A smaller value indicates a higher priority. The priority of a forwarding rule must be unique under the same load balancer listener.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           NOTE: 
                                                                                                                                                                                                          When this annotation is configured, the kubernetes.io/elb.rule-priority-enabled annotation is enabled by default. The forwarding rules of each ingress will be sorted.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.rule-priority-enabled
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This parameter can only be set to true, indicating to sort the forwarding rules of an ingress. The priorities of the forwarding rules are determined based on the sequence in which they are added during ingress creation. A forwarding rule added earlier indicates a higher priority.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If this parameter is not configured, the default sorting of the forwarding rules on the load balancer will be used. After this parameter is enabled, it cannot be disabled.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     88      10s
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0940.html b/docs/cce/umn/cce_10_0940.html
new file mode 100644
index 000000000..e9a752a72
--- /dev/null
+++ b/docs/cce/umn/cce_10_0940.html
@@ -0,0 +1,242 @@
+
+
+
                                                                                                                                                                                                        Configuring Advanced Forwarding Rules for a LoadBalancer Ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Ingresses offer diverse forwarding rules that can match listeners based on different request parameters like HTTP request methods, headers, query strings, CIDR blocks, and cookies. Each listener is associated with an ELB access port. This facilitates flexible service distribution and resource allocation.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 How an advanced forwarding rule operates
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • A CCE standard or Turbo cluster is available, and the cluster version meets the following requirements:
                                                                                                                                                                                                          • v1.23: v1.23.18-r10 or later
                                                                                                                                                                                                          • v1.25: v1.25.16-r0 or later
                                                                                                                                                                                                          • v1.27: v1.27.16-r0 or later
                                                                                                                                                                                                          • v1.28: v1.28.13-r0 or later
                                                                                                                                                                                                          • v1.29: v1.29.8-r0 or later
                                                                                                                                                                                                          • v1.30: v1.30.4-r0 or later
                                                                                                                                                                                                          • Other clusters of later versions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The cluster can be accessed using kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        Ingresses support advanced forwarding rules only when dedicated load balancers are used.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using kubectl
                                                                                                                                                                                                        1. Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                                        2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                                          vi ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An example YAML file of an ingress created using an existing load balancer is as follows:
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1 
+kind: Ingress 
+metadata: 
+  annotations: 
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.id: ab53c3b2-xxxx-xxxx-xxxx-5ac3eb2887be
+    kubernetes.io/elb.port: '80'
+    # Access the svc-hello1 service. Ensure that this service is available.
+    kubernetes.io/elb.conditions.svc-hello1: |  
+        [ 
+          { 
+            "type": "Method", 
+            "methodConfig": { 
+              "values": [ 
+                "GET", 
+                "POST" 
+              ] 
+            } 
+          }, 
+          { 
+            "type": "Header", 
+            "headerConfig": { 
+              "key": "gray-hello", 
+              "values": [ 
+                "value1", 
+                "value2" 
+              ] 
+            } 
+          }, 
+          { 
+            "type": "Cookie", 
+            "cookieConfig": { 
+              "values": [ 
+                { 
+                  "key": "querystringkey1", 
+                  "value": "querystringvalue2" 
+                }, 
+                { 
+                  "key": "querystringkey3", 
+                  "value": "querystringvalue4" 
+                } 
+              ] 
+            } 
+          }, 
+          { 
+            "type": "QueryString", 
+            "queryStringConfig": { 
+              "key": "testKey", 
+              "values": [ 
+                "testValue" 
+              ] 
+            } 
+          }, 
+          { 
+            "type": "SourceIp", 
+            "sourceIpConfig": { 
+              "values": [ 
+                "192.168.0.0/16", 
+                "172.16.0.0/16" 
+              ] 
+            } 
+          } 
+        ] 
+  name: ingress-test 
+spec: 
+  ingressClassName: cce 
+  rules: 
+   - http: 
+      paths: 
+      - path: /hello1 
+        pathType: ImplementationSpecific 
+        backend: 
+          service: 
+            name: svc-hello1 
+            port: 
+              number: 80
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Annotations for advanced forwarding rules
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubernetes.io/elb.conditions.${svc_name}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          String
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Configure an advanced forwarding rule. ${svc_name} indicates the Service name, which contains a maximum of 48 characters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the annotation value is set to [], the advanced forwarding rule is deleted.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An annotation value is in the form of a JSON array. For details, see Table 2.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           NOTICE: 
                                                                                                                                                                                                          • Due to ELB API restrictions, a kubernetes.io/elb.conditions.{svcName} can contain a maximum of 10 key-value pairs.
                                                                                                                                                                                                          • The rules in a condition array are connected by an AND relationship, while the values in the same rule block are connected by an OR relationship. For example, if both Method and QueryString are configured, the target traffic can be distributed only when both rules are met. However, if the Method value is GET or POST, the target traffic can be distributed only when both rules are met and the Method value must be GET or POST.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 2 Array structure
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          How to Use
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          type
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Matching type. Options:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Method: HTTP requests are forwarded based on the matched method. This parameter must be used with methodConfig. This parameter can be configured only once.
                                                                                                                                                                                                          • Header: HTTP requests are forwarded based on the matched header. This parameter must be used with headerConfig.
                                                                                                                                                                                                          • Cookie: HTTP requests are forwarded based on the matched cookie. This parameter must be used with cookieConfig.
                                                                                                                                                                                                          • QueryString: HTTP requests are forwarded based on the matched character string. This parameter must be used with queryStringConfig.
                                                                                                                                                                                                          • SourceIp: HTTP requests are forwarded based on the matched CIDR block. This parameter must be used with sourceIpConfig. This parameter can be configured only once.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          None
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          methodConfig
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An HTTP request method that is used to forward requests. This parameter is used only when type is set to Method.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Multiple request methods can be concurrently configured, including GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You only need to configure values (an array) for methodConfig.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          {
+  "type": "Method",
+  "methodConfig": {
+     "values": [
+        "GET",
+        "POST"
+     ]
+  }
+}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          headerConfig
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An HTTP request header that is used to forward requests. This parameter is used only when type is set to Header.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • A key can only contain letters, digits, underscores (_), and hyphens (-).
                                                                                                                                                                                                            The first letter of the User-agent and Connection HTTP request headers must be capitalized.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Multiple values can be configured for a key. A value can only contain letters, digits, and special characters (!#$%&'()*+,.\/:;<=>?@[]^-_'{|}~). Asterisks (*) and question marks (?) can be used as wildcard characters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You can only configure one key for each headerConfig rule. If you need multiple keys, configure multiple headerConfig rules.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          {
+  "type": "Header",
+  "headerConfig": {
+     "key": "gray-hello",
+     "values": [
+        "value1",
+        "value2"
+     ]
+  } 
+}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          cookieConfig
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A cookie that is used to forward requests. This parameter is used only when type is set to Cookie. A cookie consists of a key and a value, which must be configured separately.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • A key can contain 1 to 100 characters and cannot start or end with a space.
                                                                                                                                                                                                          • A value can contain 1 to 100 characters. Configure a value for each key.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You can enter multiple key-value pairs that can contain letters, digits, and special characters (!%'"()*+,./:=?@^-_`~).
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When configuring cookieConfig, you can configure multiple key-value pairs in values, and these pairs will have an OR relationship with each other.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          { 
+  "type": "Cookie", 
+  "cookieConfig": { 
+     "values": [ 
+        { 
+          "key": "querystringkey1", 
+          "value": "querystringvalue2" 
+        }, 
+        { 
+           "key": "querystringkey3", 
+           "value": "querystringvalue4" 
+        } 
+     ] 
+  } 
+}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          queryStringConfig
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A character string that is used to forward requests. If the character string in a request matches the one in the configured forwarding rule, the request will be forwarded. This parameter is used only when type is set to QueryString.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A query string consists of a key and one or more values. Configure the key and values separately.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • A key can only contain letters, digits, and special characters (!$'()*+,./:;=?@^-_').
                                                                                                                                                                                                          • Multiple values can be configured for a key. A value can only contain letters, digits, and special characters (!$'()*+,./:;=?@^-_'). Asterisks (*) and question marks (?) can be used as wildcard characters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You can only configure one key for each queryStringConfig rule. If you need multiple keys, configure multiple QueryStringConfig rules.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          { 
+   "type": "QueryString", 
+   "queryStringConfig": { 
+      "key": "testKey", 
+      "values": [ 
+          "testValue" 
+      ] 
+   } 
+}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          sourceIpConfig
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A CIDR block that is used to forward requests. This parameter is used only when type is set to SourceIp.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example CIDR block: 192.168.1.0/24 or 2020:50::44/127
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You only need to configure values (an array) for sourceIpConfig.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          { 
+   "type": "SourceIp", 
+   "sourceIpConfig": { 
+      "values": [ 
+         "192.168.0.0/16", 
+         "172.16.0.0/16" 
+      ] 
+   } 
+}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create an ingress.
                                                                                                                                                                                                          kubectl create -f ingress-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ingress/ingress-test created
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Check the created ingress.
                                                                                                                                                                                                          kubectl get ingress
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If information similar to the following is displayed, the ingress has been created:
                                                                                                                                                                                                          NAME          CLASS    HOSTS     ADDRESS          PORTS   AGE
+ingress-test  cce      *         121.**.**.**     80      10s
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0944.html b/docs/cce/umn/cce_10_0944.html
new file mode 100644
index 000000000..1d2e6fd6b
--- /dev/null
+++ b/docs/cce/umn/cce_10_0944.html
@@ -0,0 +1,48 @@
+
+
+
                                                                                                                                                                                                        Creating an HPA Policy with Custom Metrics
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Kubernetes' default HPA policy only allows for auto scaling based on CPU and memory usage. However, in more complex service scenarios, this may not be sufficient to meet routine O&M requirements. To resolve this issue, you can configure HPA policies with custom metrics, allowing for flexible workload scaling.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        This section uses an example to describe how to deploy an Nginx application, which uses the container_cpu_usage_core_per_second metric exposed by Prometheus to identify the number of CPU cores used by a container on a per-second basis. For more information about Prometheus metrics, see METRIC TYPES.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 1: Install Cloud Native Cluster Monitoring
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                                                                                                        2. Locate the Cloud Native Cluster Monitoring add-on and click Install.
                                                                                                                                                                                                          Prioritize the configurations listed below and adjust any other configurations as needed. For details, see Cloud Native Cluster Monitoring.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Data Storage Configuration: Local data storage is mandatory, and other configurations are optional.
                                                                                                                                                                                                          • Custom Metric Collection: Enable this option in this example. If this option is not enabled, custom metrics cannot be collected.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Click Install.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 2: Create a Workload
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane of the cluster console, choose Workloads. Then, click Create Workload in the upper right corner. Create an Nginx workload. For details, see Creating a Deployment.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 3: Modify the Configuration File
                                                                                                                                                                                                        1. In the navigation pane of the cluster console, choose ConfigMaps and Secrets and switch to the monitoring namespace.
                                                                                                                                                                                                        2. Update user-adapter-config. You can modify the rules field in user-adapter-config to convert the metrics exposed by Prometheus to metrics that can be associated with HPA.
                                                                                                                                                                                                          Add the following example rule:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          rules:
+    - seriesQuery: 'container_cpu_usage_seconds_total{namespace!="",pod!=""}'
+      seriesFilters: []
+      resources:
+        overrides:
+          namespace:
+            resource: namespace
+          pod:
+            resource: pod
+      name:
+        matches: "^(.*)_seconds_total"
+        as: "${1}_core_per_second"
+      metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)'
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In this example, the existing container_cpu_usage_seconds_total metrics are aggregated into the container_cpu_usage_core_per_second metric, which is then used for HPA policies. For details, see Metrics Discovery and Presentation Configuration.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • seriesQuery: PromQL request data, which specifies the metrics to be obtained by users. You can configure this parameter as needed.
                                                                                                                                                                                                          • metricsQuery: aggregates the PromQL query data in seriesQuery.
                                                                                                                                                                                                          • resources: data labels in PromQL, which are used to match resources. The resources here refer to api-resource such as pods, namespaces, and nodes in a cluster. You can run kubectl api-resources -o wide to check the resources. The key corresponds to LabelName in the Prometheus data. Ensure that the Prometheus metric data contains LabelName.
                                                                                                                                                                                                          • name: indicates that Prometheus metric names are converted to readable metric names based on regular expression matching. In this example, container_cpu_usage_seconds_total is converted to container_cpu_usage_core_per_second.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Redeploy the custom-metrics-apiserver workload in the monitoring namespace.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Run the following command to check whether the metric has been added:
                                                                                                                                                                                                          kubectl get --raw  "/apis/custom.metrics.k8s.io/v1beta1/namespaces/default/pods/*/container_cpu_usage_core_per_second"
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 4: Verify HPA Scaling
                                                                                                                                                                                                        1. Choose Workloads in the navigation pane. Locate the target workload and choose More > Auto Scaling in the Operation column.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Set Policy Type to HPA+CronHPA and enable an HPA policy. You can use the custom metrics configured in rules to create the HPA policy.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Click the workload name and switch to the Auto Scaling tab page. You can find that the HPA policy has been triggered.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Scaling a Workload
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_bestpractice_00004.html b/docs/cce/umn/cce_bestpractice_00004.html
index bac2744fa..73223a5f0 100644
--- a/docs/cce/umn/cce_bestpractice_00004.html
+++ b/docs/cce/umn/cce_bestpractice_00004.html
@@ -6,34 +6,34 @@
 
                                                                                                                                                                                                        Constraints
                                                                                                                                                                                                        To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Basic Concepts
                                                                                                                                                                                                        • VPC CIDR Block
                                                                                                                                                                                                          Virtual Private Cloud (VPC) enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases. You have complete control over your virtual network, including selecting your own CIDR block, creating subnets, and configuring security groups. You can also assign EIPs and allocate bandwidth in your VPC for secure and easy access to your business system.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • Subnet CIDR Block
                                                                                                                                                                                                          A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                                                          Figure 1 VPC CIDR block architecture
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Subnet CIDR Block
                                                                                                                                                                                                          A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                                                          Figure 1 VPC CIDR block architecture
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          By default, ECSs in all subnets of the same VPC can communicate with one another, while ECSs in different VPCs cannot communicate with each other.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          You can create a peering connection on VPC to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Container (Pod) CIDR Block
                                                                                                                                                                                                          Pod is a Kubernetes concept. Each pod has an IP address.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          When creating a cluster on CCE, you can specify the pod (container) CIDR block, which cannot overlap with the subnet CIDR block. For example, if the subnet CIDR block is 192.168.0.0/16, the container CIDR block cannot be 192.168.0.0/18 or 192.168.1.0/18, because these addresses are included in 192.168.0.0/16.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • Container Subnet (Only for CCE Turbo Clusters)
                                                                                                                                                                                                          In a CCE Turbo cluster, a container is assigned an IP address from the CIDR block of a VPC. The container subnet can overlap with the subnet CIDR block. Note that the subnet you select determines the maximum number of pods in the cluster. After a cluster is created, you can only add container subnets but cannot delete them.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Container Subnet (Only for CCE Turbo Clusters)
                                                                                                                                                                                                          In a CCE Turbo cluster, a container is assigned an IP address from the CIDR block of a VPC. The container subnet can overlap with the subnet CIDR block. Note that the subnet you select determines the maximum number of pods in the cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Service CIDR Block
                                                                                                                                                                                                          Service is also a Kubernetes concept. Each Service has an address. When creating a cluster on CCE, you can specify the Service CIDR block. Similarly, the Service CIDR block cannot overlap with the subnet CIDR block or the container CIDR block. The Service CIDR block can be used only within a cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Single-VPC Single-Cluster Scenarios
                                                                                                                                                                                                        CCE Clusters: include clusters in VPC network model and container tunnel network model. Figure 2 shows the CIDR block planning of a cluster.
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                                        • Container CIDR Block: cannot overlap with the subnet CIDR block.
                                                                                                                                                                                                        • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                                        • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. After a cluster is created, you can only add container subnets but cannot delete them. Set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                                                        • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                                        • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. Set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                                                        • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Single-VPC Multi-Cluster Scenarios
                                                                                                                                                                                                        VPC network model
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Pod packets are forwarded through VPC routes. CCE automatically configures a routing table on the VPC routes to each container CIDR block. The network scale is limited by the VPC route table. Figure 4 shows the CIDR block planning of the cluster.
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                                                        • Container CIDR Block: If multiple VPC network model clusters exist in a single VPC, the container CIDR blocks of all clusters cannot overlap because the clusters use the same routing table. In this case, if the node security group allows container CIDR block from the peer cluster, pods in one cluster can directly access pods in another cluster through the pod IP addresses.
                                                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Tunnel network model
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                                                        • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed through pod IP addresses. Pods in different clusters need to access each other through Services. The LoadBlancer Services are recommended.
                                                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                                                        • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed through pod IP addresses. Services are needed for accessing pods in different clusters needs. The LoadBlancer Services are recommended.
                                                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Cloud Native 2.0 network model (CCE Turbo Clusters)
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In this mode, container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and multiple types of VPC networks can be bound to deliver high performance.
                                                                                                                                                                                                        • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. In a CCE Turbo cluster, the CIDR block size affects the total number of nodes and containers that can be created in the cluster.
                                                                                                                                                                                                        • Subnet CIDR Block: There is no special restriction on the subnet CIDR blocks in CCE Turbo clusters.
                                                                                                                                                                                                        • Container Subnet: The CIDR block of the container subnet is included in the VPC CIDR block. Container subnets in different clusters can overlap with each other or overlap with the subnet CIDR block. However, you are advised to stagger the container CIDR blocks of different clusters and ensure that the container subnet CIDR blocks have sufficient IP addresses. In this case, if the ENI security group of the cluster allows the container CIDR block of the peer cluster, pods in different clusters can directly access each other through IP addresses.
                                                                                                                                                                                                        • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container subnet CIDR block of the cluster.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 6 Cloud Native 2.0 network - multi-cluster scenario
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Clusters using different networks
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        When a VPC contains clusters created with different network models, comply with the following rules when creating a cluster:
                                                                                                                                                                                                        
@@ -42,17 +42,17 @@
 
                                                                                                                                                                                                        Cross-VPC Cluster Interconnection
                                                                                                                                                                                                        If VPCs cannot communicate with each other, a VPC peering connection is used to ensure communication between VPCs. When two VPC networks are interconnected, you can configure the packets to be sent to the peer VPC in the route table. 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Clusters using VPC networks
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        To allow clusters that use VPC networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        When creating a VPC peering connection between containers across VPCs, pay attention to the following points:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                                                        • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                                                        • If the request end cluster uses the VPC network, check whether the node security group in the destination cluster allows the container CIDR block of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes running in the clusters at the two ends of the VPC peering connection need to access each other, the node security group must allow the VPC CIDR block of the peer cluster.
                                                                                                                                                                                                        • You need to add routes for accessing the peer network CIDR block to the VPC routing tables at both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2.
                                                                                                                                                                                                          • Add the VPC CIDR block of the peer cluster: After the route of the VPC CIDR block is added, a pod in a cluster can access another cluster node. For example, the pod can access the port of a NodePort Service.
                                                                                                                                                                                                          • Add peer container CIDR block: After the route of the container CIDR block is added, a pod can directly access pods in another cluster through the container IP addresses.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                                                          • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                                                          • If the request end cluster uses the VPC network, check whether the node security group in the destination cluster allows the container CIDR block of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP address. Similarly, if nodes running in the clusters at the two ends of the VPC peering connection need to access each other, the node security group must allow the VPC CIDR block of the peer cluster.
                                                                                                                                                                                                          • You need to add routes for accessing the peer network CIDR block to the VPC routing tables at both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2.
                                                                                                                                                                                                            • Add the VPC CIDR block of the peer cluster: After the route of the VPC CIDR block is added, a pod in a cluster can access another cluster node. For example, the pod can access the port of a NodePort Service.
                                                                                                                                                                                                            • Add peer container CIDR block: After the route of the container CIDR block is added, a pod can directly access pods in another cluster through the container IP addresses.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Clusters using tunnel networks
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          To allow clusters that use tunnel networks to access each other across VPCs, add routes to the two ends of the VPC peering after a VPC peering connection is created.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Pay attention to the following:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                                                          • The container CIDR blocks of all clusters can overlap, so do the Service CIDR blocks.
                                                                                                                                                                                                          • If the request end cluster uses the tunnel network, check whether the node security group in the destination cluster allows the VPC CIDR block (including the node subnets) of the request end cluster. If yes, nodes in one cluster can access nodes in another cluster. However, pods in different clusters cannot be directly accessed using pod IP addresses. Access between pods in different clusters requires Services. The LoadBlancer Services are recommended.
                                                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access another cluster node, for example, accessing the port of a NodePort Service.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Clusters using Cloud Native 2.0 networks (CCE Turbo clusters)
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          After creating a VPC peering connection, add routes of the VPC peering connection to both ends so that the two VPCs can communicate with each other. Pay attention to the following:
                                                                                                                                                                                                          • The VPCs of the peer clusters must not overlap.
                                                                                                                                                                                                          • If the request end cluster uses the Cloud Native 2.0 network, check whether the ENI security group (named in the format of {Cluster name}-cce-eni-{Random ID}) of the destination cluster allows the VPC CIDR block (including the node subnets and container CIDR block) of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes in the clusters at the two ends of the VPC peering need to access each other, allow the VPC CIDR block of the peer cluster in the node security group (named in the format of {Cluster name}-cce-node-{Random ID}).
                                                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access pod IP addresses or nodes in another cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          After creating a VPC peering connection, add routes of the VPC peering connection to both ends so that the two VPCs can communicate with each other. Pay attention to the following:
                                                                                                                                                                                                          • The VPCs of the clusters at the two ends must not overlap.
                                                                                                                                                                                                          • If the request end cluster uses the Cloud Native 2.0 network, check whether the ENI security group (named in the format of {Cluster name}-cce-eni-{Random ID}) of the destination cluster allows the VPC CIDR block (including the node subnets and container CIDR block) of the request end cluster. If yes, pods in one cluster can directly access pods in another cluster through the pod IP addresses. Similarly, if nodes in the clusters at the two ends of the VPC peering need to access each other, allow the VPC CIDR block of the peer cluster in the node security group (named in the format of {Cluster name}-cce-node-{Random ID}).
                                                                                                                                                                                                          • The VPC CIDR block route of the peer cluster must be added to the VPC routing tables of both ends. For example, you need to add a route for accessing the CIDR block of VPC 2 to the route table of VPC 1, and add a route for accessing VPC 1 to the route table of VPC 2. After the route of the VPC CIDR block is added, the pod can access pod IP addresses or nodes in another cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Clusters using different networks
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If clusters using different networks need to communicate with each other across VPCs, every one of them may serve as the request end or destination end. Pay attention to the following:
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0002.html b/docs/cce/umn/cce_bestpractice_0002.html
index a5942f137..08de92346 100644
--- a/docs/cce/umn/cce_bestpractice_0002.html
+++ b/docs/cce/umn/cce_bestpractice_0002.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                          CCE is an enterprise-class container service based on open-source Kubernetes. It is a high-performance and high-reliability service through which enterprises can manage containerized applications. CCE supports native Kubernetes applications and tools, allowing you to easily set up a container runtime in the cloud.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Why Is a Container Preferred?
                                                                                                                                                                                                          • More efficient use of system resources
                                                                                                                                                                                                            A container does not require extra costs such as fees for hardware virtualization and those for running a complete OS. Therefore, a container has higher resource usage. Compared with a VM with the same configurations, a container can run more applications. 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Faster startup
                                                                                                                                                                                                            A container directly runs on the host kernel and does not need to start a complete OS. Therefore, a container can be started within seconds or even milliseconds, greatly saving the development, testing, and deployment time. 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Faster startup
                                                                                                                                                                                                            A container directly runs on the host kernel and does not need to start a complete OS. Therefore, a container can be started within seconds or even milliseconds, greatly saving the development, testing, and deployment time.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • Consistent runtime environment
                                                                                                                                                                                                            A container image provides a complete runtime environment to ensure environment consistency. In this case, problems (for example, some code runs properly on machine A but fails to run on machine B) will not occur.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • Easier application migration, maintenance, and scaling
                                                                                                                                                                                                            A consistent runtime environment makes application migration easier. In addition, the in-use storage and image technologies facilitate the reuse of repeated applications and simplifies the expansion of images based on base images.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0003.html b/docs/cce/umn/cce_bestpractice_0003.html
index b779c179b..385a168a8 100644
--- a/docs/cce/umn/cce_bestpractice_0003.html
+++ b/docs/cce/umn/cce_bestpractice_0003.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                          No recoding or re-architecting is required. You only need to pack the entire application into a container image and deploy the container image on CCE.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Introduction
                                                                                                                                                                                                          In this example, the enterprise management application is developed by enterprise A. This application is provided for third-party enterprises for use, and enterprise A is responsible for application maintenance.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          When a third-party enterprise needs to use this application, a suit of Tomcat application and MongoDB database must be deployed for the third-party enterprise. The MySQL database, used to store data of third-party enterprises, is provided by enterprise A.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 1 Application architecture
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 1 Application architecture
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          As shown in Figure 1, the application is a standard Tomcat application, and its backend interconnects with MongoDB and MySQL databases. For this type of applications, there is no need to split the architecture. The entire application is built as an image, and the MongoDB database is deployed in the same image as the Tomcat application. In this way, the application can be deployed or upgraded through the image.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Interconnecting with the MongoDB database for storing user files.
                                                                                                                                                                                                          • Interconnecting with the MySQL database for storing third-party enterprise data. The MySQL database is an external cloud database.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00035.html b/docs/cce/umn/cce_bestpractice_00035.html
index b315a179c..f628fb2e2 100644
--- a/docs/cce/umn/cce_bestpractice_00035.html
+++ b/docs/cce/umn/cce_bestpractice_00035.html
@@ -1,30 +1,54 @@
 
 
 
                                                                                                                                                                                                          Obtaining the Client Source IP Address for a Container
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          In containers, multiple types of proxy servers may exist between a client and the container servers. After an external request is forwarded for multiple times, the source IP address of the client cannot be transmitted to the containers. As a result, Services in the containers cannot obtain the real source IP addresses of the client.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          Layer-7 forwarding:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Ingresses: If this access mode is used, the client's source IP address is saved in the X-Forwarded-For field of the HTTP header by default. No other configuration is required.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • LoadBalancer Ingresses use ELB for Layer 7 network access between the Internet and internal network (in the same VPC) based on the ELB service.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Layer-4 forwarding:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • LoadBalancer: Use ELB to achieve load balancing. You can manually enable the Transfer Client IP Address option for TCP and UDP listeners of shared load balancers. By default, the Transfer Client IP Address option is enabled for TCP and UDP listeners of dedicated load balancers. You do not need to manually enable it.
                                                                                                                                                                                                          • NodePort: The container port is mapped to the node port. If the cluster-level affinity is selected, access requests will be forwarded through the node and the client source IP address cannot be obtained. If the node-level affinity is selected, access requests will not be forwarded and the client source IP address can be obtained.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When using containers, clients may communicate with them through multiple proxy servers. However, this can cause issues with transferring the clients' source IP addresses to the containers' services. This section describes how to effectively obtain the source IP address of a client in a container based on different network solutions provided by CCE clusters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          The method for obtaining source client IP addresses may vary with the network settings. The following shows some typical network configurations and their corresponding solutions:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Ingress Layer-7 forwarding: When accessing an application at Layer-7, the client's source IP address is automatically saved in the X-Forwarded-For field of the HTTP header. No additional configurations are needed to obtain the client's source IP address.
                                                                                                                                                                                                          • Service Layer-4 forwarding: The method and principle for obtaining the source IP addresses will depend on the type of Services being used.
                                                                                                                                                                                                            • LoadBalancer Service: A load balancer is used as the traffic entry. Both shared and dedicated load balancers are supported.
                                                                                                                                                                                                              • For a shared load balancer, you need to enable the function of obtaining client IP addresses on the listeners.
                                                                                                                                                                                                              • By default, the function of obtaining client IP addresses is enabled for a dedicated load balancer listener.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • NodePort Service: Container ports are mapped to node ports, which are used as the entry for external services. The capability of obtaining client source IP addresses depends on the service affinity.
                                                                                                                                                                                                              • In a cluster-level service affinity for a NodePort Service, traffic is forwarded within the cluster, which means the backend containers of the Service cannot access the client's source IP address.
                                                                                                                                                                                                              • In a node-level service affinity for a NodePort Service, the traffic can directly reach the container without any forwarding. This allows the backend containers of the Service to obtain the source IP address of the client.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          ELB Ingress
                                                                                                                                                                                                          For the ELB Ingresses (using HTTP- or HTTPS-compliant), the function of obtaining the source IP addresses of the client is enabled by default. No other operation is required.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          The real IP address is placed in the X-Forwarded-For HTTP header field by the load balancer in the following format:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          X-Forwarded-For: IP address of the client,Proxy server 1-IP address,Proxy server 2-IP address,...
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          If you use this method, the first IP address obtained is the IP address of the client.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A client source IP address is placed in the X-Forwarded-For field of the HTTP header by the load balancer. The format is as follows:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          X-Forwarded-For: <client-source-IP-address>, <proxy-server-1-IP-address>, <proxy-server-2-IP-address>, ...
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The first IP address obtained from the X-Forwarded-For field is the client source IP address.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Nginx Ingress
                                                                                                                                                                                                          • For an Nginx Ingress that uses a dedicated load balancer, transparent transmission of source IP addresses is enabled by default. This means that you can easily obtain the source IP address of the client without any additional configurations.
                                                                                                                                                                                                          • For an Nginx Ingress that uses a shared load balancer, perform the following steps to obtain the source IP address of the client:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Take the Nginx workload as an example. Before configuring the source IP address, obtain the access logs. nginx-c99fd67bb-ghv4q indicates the pod name.
                                                                                                                                                                                                            kubectl logs nginx-c99fd67bb-ghv4q
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            ...
+10.0.0.7 - - [17/Aug/2023:01:30:11 +0000] "GET / HTTP/1.1" 200 19 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "100.125.**.**"
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            100.125.**.** specifies the CIDR block of the load balancer, indicating that the traffic is forwarded through the load balancer.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Enable Transfer Client IP Address. This operation is required only when shared load balancers are used. For dedicated load balancers, source IP address-based transparent transmission is enabled by default.
                                                                                                                                                                                                            1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                                            2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                                                            3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                                                            4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                                                            5. Enable Transfer Client IP Address.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Access the workload again and view the new access log.
                                                                                                                                                                                                            ...
+10.0.0.7 - - [17/Aug/2023:02:43:11 +0000] "GET / HTTP/1.1" 304 0 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "124.**.**.**"
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            The source IP address of the client is obtained.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          You can enable WAF for the load balancers used by Nginx Ingress Controllers in clusters, but different WAF modes will affect how Nginx Ingress Controllers obtain the real client IP addresses.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Load balancer access in WAF cloud CNAME access mode
                                                                                                                                                                                                            When using the cloud CNAME access mode, requests go through WAF and are checked for protection before being sent to the load balancer. This means that even if the load balancer has transparent transmission of source IP addresses enabled, the client will receive the back-to-source IP address of WAF. Consequently, the Nginx Ingress Controller is unable to obtain the real client IP address by default. In this case, you can edit the NGINX Ingress Controller add-on and add the following configuration to the add-on parameters:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            {
+     "enable-real-ip": "true",
+     "use-forwarded-headers": "true",
+     "proxy-real-ip-cidr": <Back-to-source IP address you obtained from WAF> 
+}
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Load balancer access in the cloud WAF mode
                                                                                                                                                                                                            This mode is transparent access (non-inline deployment) and supports only dedicated load balancers. In this mode, Nginx Ingress Controllers can obtain the real client IP address by default.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          LoadBalancer
                                                                                                                                                                                                          For a LoadBalancer Service, different types of clusters obtain source IP addresses in different scenarios. In some scenarios, source IP addresses cannot be obtained currently.
                                                                                                                                                                                                          • CCE Clusters (using VPC or Tunnel network): Source IP addresses can be obtained when either a shared or dedicated load balancer is used.
                                                                                                                                                                                                          • CCE Turbo Clusters (using the Cloud Native Network 2.0): Source IP addresses can be obtained for dedicated load balancers, and for shared load balancers with hostNetwork enabled.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          VPC and Container Tunnel Network Models
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          To enable the function of obtaining the source IP address on the console, perform the following steps:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                                                          2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                                                            1. Log in to the ELB console.
                                                                                                                                                                                                            2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                                            3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                                                            4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                                                            5. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                                                            6. Enable Transfer Client IP Address.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node-level instead of Cluster-level.
                                                                                                                                                                                                            2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                                                              1. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                                              2. Choose Service List > Networking > Elastic Load Balance.
                                                                                                                                                                                                              3. On the Elastic Load Balance page, click the name of the target load balancer.
                                                                                                                                                                                                              4. Click the Listeners tab, locate the row containing the target listener, and click Edit. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                                                              5. Enable Transfer Client IP Address.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Cloud Native Network 2.0 Model (CCE Turbo Clusters)
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In the Cloud Native Network 2.0 model, when a shared load balancer is used for load balancing, the service affinity cannot be set to Node-level. As a result, source IP addresses cannot be obtained. To obtain a source IP address, you must use a dedicated load balancer. External access to the container does not need to pass through the forwarding plane.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            By default, transparent transmission of source IP addresses is enabled for dedicated load balancers. You do not need to manually enable Transfer Client IP Address on the ELB console. Instead, you only need to select a dedicated load balancer when creating a LoadBalancer Service on the CCE console.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Cloud Native 2.0 Network Model (CCE Turbo Clusters)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            When a LoadBalancer Service associated with a shared load balancer is created:
                                                                                                                                                                                                            • For workloads with hostNetwork enabled, you can set Service Affinity to Node-level to obtain the source IP addresses.
                                                                                                                                                                                                            • For other workloads, you cannot set Service Affinity to Node-level, so the source IP addresses cannot be obtained.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Dedicated load balancers are recommended. External access can be directly sent to containers. By default, transparent transmission of source IP addresses is enabled for dedicated load balancers. You do not need to manually enable Transfer Client IP Address on the ELB console. Instead, you only need to select a dedicated load balancer when creating a LoadBalancer Service on the CCE console.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          NodePort
                                                                                                                                                                                                          Set the service affinity of a NodePort Service to Node-level instead of Cluster-level. That is, set spec.externalTrafficPolicy of the Service to Local.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                           
                                                                                                                                                                                                          When a node (using Cloud Native Network 2.0) accesses a NodePort Service, source IP addresses can be obtained only when hostNetwork is enabled for workloads.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          In clusters using Cloud Native 2.0 networks, if NodePort Services are used, only workloads with hostNetwork enabled support node-level service affinity. Therefore, only such workloads can obtain source IP addresses.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0004.html b/docs/cce/umn/cce_bestpractice_0004.html
index 78650fb69..cbec7301a 100644
--- a/docs/cce/umn/cce_bestpractice_0004.html
+++ b/docs/cce/umn/cce_bestpractice_0004.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                                          Containerization Process
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          To fully containerize an application, you must go through the entire process.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          This involves analyzing the application, setting up the runtime environment for the application, compiling the startup script and Dockerfile, creating and uploading images, and creating containerized workloads.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          For details about each step of the containerization, see Figure 1.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This involves analyzing the application, setting up the runtime environment for the application, compiling the startup script and Dockerfile, creating and uploading images, and creating containerized workloads.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For details about each step of the containerization, see Containerization Process.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 1 Process of containerizing an application
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0006.html b/docs/cce/umn/cce_bestpractice_0006.html
index c46d96752..c0bde7a59 100644
--- a/docs/cce/umn/cce_bestpractice_0006.html
+++ b/docs/cce/umn/cce_bestpractice_0006.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                          Preparing the Application Runtime
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          After application analysis, you have gained the understanding of the OS and runtime required for running the application. Make the following preparations:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • Installing Docker: During application containerization, build a container image. To do so, you have to prepare a PC and install Docker on it.
                                                                                                                                                                                                          • Obtaining the base image tag: Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                                                          • Obtaining the runtime: Obtain the runtime of the application and the MongoDB database with which the application interconnects.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Installing Docker: During application containerization, build a container image. To do so, you have to prepare a PC and install Docker on it.
                                                                                                                                                                                                          • Obtaining the runtime: Obtain the runtime of the application and the MongoDB database with which the application interconnects.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Installing Docker
                                                                                                                                                                                                          Docker is compatible with almost all operating systems. Select a Docker version that best suits your needs.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                           
                                                                                                                                                                                                          SWR uses Docker 1.11.2 or later to upload images. 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          It is recommended that you install Docker and build images as the user root. Make sure to obtain the user root password for the host where Docker will be installed beforehand.
                                                                                                                                                                                                          
@@ -17,12 +17,6 @@ API Version:1.35
 
                                                                                                                                                                                                          Version indicates the version number. 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • 
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Obtaining the Base Image Tag
                                                                                                                                                                                                        Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                         
                                                                                                                                                                                                        Search for the image tag based on the OS on which the application runs.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Visit the Docker website.
                                                                                                                                                                                                        2. Search for CentOS. The image corresponding to CentOS 7.1 is centos7.1.1503. Use this image name when editing the Dockerfile.
                                                                                                                                                                                                          Figure 1 Obtaining the CentOS version
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Obtaining the Runtime
                                                                                                                                                                                                        In this example, the web application of the Tomcat type is used. This application requires the runtime of Tomcat 7.0, and Tomcat requires JDK 1.8. In addition, the application must interconnect with the MongoDB database in advance.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        Download the environment required by the application.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0007.html b/docs/cce/umn/cce_bestpractice_0007.html
index 1fb586b83..daa7180ad 100644
--- a/docs/cce/umn/cce_bestpractice_0007.html
+++ b/docs/cce/umn/cce_bestpractice_0007.html
@@ -5,8 +5,7 @@
 
                                                                                                                                                                                                        • Start up the software on which the application depends.
                                                                                                                                                                                                        • Set the configurations that need to be changed as the environment variables.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        Startup scripts vary according to applications. Edit the script based on your service requirements.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        1. Log in as user root to the device running Docker.
                                                                                                                                                                                                        2. Run the following commands to create the directory where the application is to be stored:
                                                                                                                                                                                                          mkdir apptest
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          cd apptest
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in as user root to the device running Docker.
                                                                                                                                                                                                          2. Run the following command to switch to the directory where the application is to be stored:
                                                                                                                                                                                                            cd apptest
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          3. Compile a script file. The name and content of the script file vary according to applications. Edit the script file based on your application. The following example is only for your reference. 
                                                                                                                                                                                                            vi start_tomcat_and_mongo.sh
                                                                                                                                                                                                            #!/bin/bash
 # Load system environment variables.
 source  /etc/profile
diff --git a/docs/cce/umn/cce_bestpractice_0008.html b/docs/cce/umn/cce_bestpractice_0008.html
index 88301ea0c..445290280 100644
--- a/docs/cce/umn/cce_bestpractice_0008.html
+++ b/docs/cce/umn/cce_bestpractice_0008.html
@@ -7,9 +7,9 @@
 
                                                                                                                                                                                                             
                                                                                                                                                                                                            Dockerfiles vary according to applications. Dockerfiles need to be compiled based on actual service requirements.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Procedure
                                                                                                                                                                                                            1. Log in as the root user to the device running Docker.
                                                                                                                                                                                                            2. Compile a Dockerfile.
                                                                                                                                                                                                              vi Dockerfile
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              The content is as follows:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              # Centos:7.1.1503 is used as the base image.
-FROM centos:7.1.1503                     
+
                                                                                                                                                                                                              The Dockerfile content is as follows: (You can pull CentOS images from the image repository.)
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              # CentOS 7 is used as the basic image.
+FROM hub.atomgit.com/amd64/centos:centos7   
 # Create a folder to store data and dependency files. You are advised to write multiple commands into one line to reduce the image size.
 RUN mkdir -p /usr/local/mongodb/data \   
  && mkdir -p /usr/local/mongodb/bin \ 
diff --git a/docs/cce/umn/cce_bestpractice_0009.html b/docs/cce/umn/cce_bestpractice_0009.html
index 9f16c7055..f5a009419 100644
--- a/docs/cce/umn/cce_bestpractice_0009.html
+++ b/docs/cce/umn/cce_bestpractice_0009.html
@@ -9,10 +9,9 @@
 
                                                                                                                                                                                                              Basic Concepts
                                                                                                                                                                                                              • Image: A Docker image is a special file system that includes everything needed to run containers: programs, libraries, resources, settings, and so on. It also includes corresponding configuration parameters (such as anonymous volumes, environment variables, and users) required within a container runtime. An image does not contain any dynamic data, and its content remains unchanged after being built.
                                                                                                                                                                                                              • Container: Images become containers at runtime, that is, containers are created from images. A container can be created, started, stopped, deleted, or suspended.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Procedure
                                                                                                                                                                                                              1. Log in as the root user to the device running Docker.
                                                                                                                                                                                                              2. Enter the apptest directory.
                                                                                                                                                                                                                cd apptest
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                ll
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Ensure that files used to build the image are stored in the same directory.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              3. Build an image.
                                                                                                                                                                                                                docker build -t apptest .
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              4. Build an image.
                                                                                                                                                                                                                docker build -t apptest:v1 .
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              5. Upload the image to SWR. For details, see Uploading an Image Through the Client.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0010.html b/docs/cce/umn/cce_bestpractice_0010.html
index a8c0bfb5d..0f9c6c641 100644
--- a/docs/cce/umn/cce_bestpractice_0010.html
+++ b/docs/cce/umn/cce_bestpractice_0010.html
@@ -24,7 +24,7 @@
 
 
                                                                                                                                                                                                      Create a VPC before you create a cluster. A VPC provides an isolated, configurable, and manageable virtual network environment for CCE clusters.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If you have a VPC already, skip to the next task.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. In the service list, choose Networking > Virtual Private Cloud.
                                                                                                                                                                                                      3. On the Dashboard page, click Create VPC.
                                                                                                                                                                                                      4. Follow the instructions to create a VPC. Retain default settings for parameters unless otherwise specified.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. In the service list, choose Networking > Virtual Private Cloud.
                                                                                                                                                                                                      3. On the Dashboard page, click Create VPC.
                                                                                                                                                                                                      4. Follow the instructions to create a VPC. Retain default settings for parameters unless otherwise specified.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      2
                                                                                                                                                                                                      
@@ -32,8 +32,7 @@
 
                                                                                                                                                                                                      Creating a key pair
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Create a key pair before you create a containerized application. Key pairs are used for identity authentication during remote login to a node. If you have a key pair already, skip this task. 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                                                                      3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab, click Create Key Pair.
                                                                                                                                                                                                      4. Enter a key pair name, select I agree to host the private key of the key pair. and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                                                                      5. In the dialog box displayed, click OK.
                                                                                                                                                                                                        View and save the key pair. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login. 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                                                                      3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab, click Create Key Pair.
                                                                                                                                                                                                      4. Enter a key pair name, select I agree to host the private key of the key pair. and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                                                                      5. View and save the private key. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      *Cluster Type
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                                                                      • CCE Turbo cluster: runs on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and intelligent scheduling, and BMS nodes.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                                                                      • CCE Turbo cluster: runs on a cloud native infrastructure that features hardware-software synergy to support passthrough networking, high security and reliability, intelligent scheduling, and BMS nodes.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      CCE cluster
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The first data disk attached to a node for container engine and kubelet
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Expanding Data Disk Capacity
                                                                                                                                                                                                      
+                                                                                                                                                                                                      		
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Container storage
                                                                                                                                                                                                      
@@ -120,34 +120,39 @@ tmpfs                         tmpfs     1.8G   75M  1.8G   5% /tmp
 ...
 
                                                                                                                                                                                                    9. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                      10. 
 
-
                                                                                                                                                                                                      Expanding Data Disk Capacity
                                                                                                                                                                                                      The first data disk of a CCE node is composed of container engine and kubelet space by default. If either of them reaches full capacity, you can expand the disk space as needed.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Expanding the Container Engine Capacity
                                                                                                                                                                                                      The available container engine space affects image pulls and container startup and running. This section uses containerd as an example to describe how to expand the container engine capacity.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Expanding the Container Engine Capacity
                                                                                                                                                                                                      The available container engine space affects image pulls and container startup and running. This section uses containerd as an example to describe how to expand the container engine capacity.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                        Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                                                      4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                        A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                          # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                          
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                        2. Expand the disk capacity.
                                                                                                                                                                                                          Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                              pvresize /dev/sdb
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                              Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                              lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                              Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                              resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                              
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Check whether the capacity is expanded.
                                                                                                                                                                                                            # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                            # lsblk
@@ -172,7 +177,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                        4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                          # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
@@ -180,57 +198,94 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                        
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
 
-
                                                                                                                                                                                                      Expanding the kubelet Capacity
                                                                                                                                                                                                      The kubelet space serves as a temporary storage location for kubelet components and EmptyDir. You can follow the following steps to increase the kubelet capacity:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Expanding the kubelet Capacity
                                                                                                                                                                                                      The kubelet space serves as a temporary storage location for kubelet components and EmptyDir. You can follow the following steps to increase the kubelet capacity:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the capacity of a data disk on the EVS console. 
                                                                                                                                                                                                        Only the storage capacity of the EVS disk is expanded. You also need to perform the following steps to expand the capacity of the logical volume and file system.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                                                      4. Run lsblk to view the block device information of the node.
                                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd            # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      5. Perform the following operations on the node to add the new disk capacity to the kubelet space:
                                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where kubelet is located.
                                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                                          
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk       #The data disk has been expanded to 200 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0  140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
+
                                                                                                                                                                                                        2. Perform the following operations on the node to add the new disk capacity to the kubelet space:
                                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where kubelet is located.
                                                                                                                                                                                                            pvresize /dev/sdb
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                            Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/kubernetes specifies the logical volume used by kubelet.
                                                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/kubernetes
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Size of logical volume vgpaas/kubernetes changed from <10.00 GiB (2559 extents) to <110.00 GiB (28159 extents).
+
                                                                                                                                                                                                            Size of logical volume vgpaas/kubernetes changed from <10.00 GiB (2559 extents) to <60.00 GiB (15359 extents).
 Logical volume vgpaas/kubernetes successfully resized.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/kubernetes specifies the file system path of the container engine.
                                                                                                                                                                                                            resize2fs /dev/vgpaas/kubernetes
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Filesystem at /dev/vgpaas/kubernetes is mounted on /mnt/paas/kubernetes/kubelet; on-line resizing required
-old_desc_blocks = 2, new_desc_blocks = 14
-The filesystem on /dev/vgpaas/kubernetes is now 28834816 (4k) blocks long.
                                                                                                                                                                                                            
+old_desc_blocks = 2, new_desc_blocks = 8
+The filesystem on /dev/vgpaas/kubernetes is now 15727616 blocks long.
 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Run lsblk to view the block device information of the node.
                                                                                                                                                                                                          # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk   
+├─vgpaas-dockersys  253:0    0  140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   60G  0 lvm  /mnt/paas/kubernetes/kubelet  # Allocate the new disk to the kubelet space.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                      3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                         
                                                                                                                                                                                                        Resetting a node may make unavailable the node-specific resources (such as local storage and workloads scheduled to this node). Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                        3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                           
                                                                                                                                                                                                          Resetting a node may make the node-specific resources (such as local storage and workloads scheduled to this node) unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        4. Click Yes.
                                                                                                                                                                                                        5. Reconfigure node parameters.
                                                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameters:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        6. Reconfigure node parameters.
                                                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameter:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Space Allocation for Pods: indicates the base size of a pod. It is the maximum size that a workload's pods (including the container images) can grow to in the disk space. Proper settings can prevent pods from taking all the disk space available and avoid service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Data Disk Space Allocation.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        7. After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded:
                                                                                                                                                                                                          docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        8. After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                                                          • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            df -h
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the information similar to the following is displayed, the overlay capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Filesystem                    Size   Used   Avail   Use%   Mounted on
+overlay                        15G   104K     15G     1%   /
+tmpfs                          64M      0     64M     0%   /dev
+tmpfs                         3.6G      0    3.6G     0%   /sys/fs/cgroup
+/dev/mapper/vgpaas-share       98G   4.0G     89G     5%   /etc/hosts
+...
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Devicemapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            df -h
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the information similar to the following is displayed, the thin pool capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Filesystem                            Size   Used   Avail   Use%   Mounted on
+/dev/mapper/vgpaas-thinpool-snap-84    15G   232M     15G     2%   /
+tmpfs                                  64M      0     64M     0%   /dev
+tmpfs                                 3.6G      0    3.6G     0%   /sys/fs/cgroup
+/dev/mapper/vgpaas-kubernetes          11G    41M     11G     1%   /etc/hosts
+/dev/mapper/vgpaas-dockersys           20G   1.1G     18G     6%   /etc/hostname
+...
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Expanding a PVC
                                                                                                                                                                                                        Cloud storage:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                                                                        • EVS:
                                                                                                                                                                                                          • You can expand the capacity of automatically created volumes on the console. The procedure is as follows:
                                                                                                                                                                                                            1. Choose Storage in the navigation pane. In the right pane, click the PVCs tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                                                            2. Enter the capacity to be added and click OK.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • For SFS Turbo, expand the capacity on the SFS console and then change the capacity in the PVC.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      4. SFS Turbo: You can expand the capacity on the SFS console and then change the capacity in the PVC.
                                                                                                                                                                                                        5. 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00199.html b/docs/cce/umn/cce_bestpractice_00199.html
index 39f3606a0..c54ddb056 100644
--- a/docs/cce/umn/cce_bestpractice_00199.html
+++ b/docs/cce/umn/cce_bestpractice_00199.html
@@ -1,117 +1,428 @@
 
 
-
                                                                                                                                                                                                      Mounting an Object Storage Bucket of a Third-Party Tenant
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      This section describes how to mount OBS buckets and OBS parallel file systems (preferred) of third-party tenants.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      The CCE cluster of a SaaS service provider needs to be mounted with the OBS bucket of a third-party tenant, as shown in Figure 1.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 Mounting an OBS bucket of a third-party tenant
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. The third-party tenant authorizes the SaaS service provider to access the OBS buckets or parallel file systems by setting the bucket policy and bucket ACL.
                                                                                                                                                                                                      2. The SaaS service provider statically imports the OBS buckets and parallel file systems of the third-party tenant.
                                                                                                                                                                                                      3. The SaaS service provider processes the service and writes the processing result (result file or result data) back to the OBS bucket of the third-party tenant.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Mounting Object Storage Across Accounts
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      • Cross-account data sharing. For example, multiple teams within a company need to share data, but each team uses a different account.
                                                                                                                                                                                                      • Cross-account data migration and backup. When account A is about to be disabled, all data stored in the account needs to be transferred to a new account (account B).
                                                                                                                                                                                                      • Data processing and analysis. For example, account B is an external data processor and needs to access raw data from account A to perform tasks such as big data analysis and machine learning.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      By linking object storage across accounts, you can share data, lower storage and transmission expenses, and guarantee data security and consistency. This enables various teams or organizations to securely and conveniently access each other's data resources, eliminating the need for repeated storage and redundant transmission. Additionally, data is kept current and compliant, enhancing overall service efficiency and security.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Precautions
                                                                                                                                                                                                      • Only parallel file systems and OBS buckets of third-party tenants in the same region can be mounted.
                                                                                                                                                                                                      • Only clusters where the everest add-on of v1.1.11 or later has been installed (the cluster version must be v1.15 or later) can be mounted with OBS buckets of third-party tenants.
                                                                                                                                                                                                      • The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      Assume that account B needs to access and use an OBS bucket of account A. For details, see Figure 1 and Table 1.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Mounting an OBS bucket across accounts
                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 1 Process description
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 1: Create an OBS Bucket Policy and ACL
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Configure an OBS bucket policy and ACL using account A and grant account B required permissions like the read and write permissions.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 2: Create a Workload with an OBS Volume Mounted
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Create a PV and a PVC based on the OBS bucket of account A using account B and mount the PVC to the required workload.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 3: Check the Pod Actions on the OBS Bucket
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check whether the pod created by account B has the required permissions based on the bucket policy.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 4: Clear Resources
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Once you have studied this example, delete any associated resources to prevent incurring settlement fees.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Authorizing the SaaS Service Provider to Access the OBS Buckets
                                                                                                                                                                                                      The following uses an OBS bucket as an example to describe how to set a bucket policy and bucket ACL to authorize the SaaS service provider. The configuration for an OBS parallel file system is the same.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the OBS console.
                                                                                                                                                                                                      2. In the bucket list, click the name of the target bucket and access the Overview page.
                                                                                                                                                                                                      1. In the navigation pane, choose Permissions > Bucket Policies. On the displayed page, click Create to create a bucket policy.
                                                                                                                                                                                                        Figure 2 Creating a bucket policy
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • Policy Mode: Select Customized.
                                                                                                                                                                                                        • Effect: Select Allow.
                                                                                                                                                                                                        • Principal: Select Include, select Cloud service user, and enter the account ID and user ID. The bucket policy is applied to the specified user.
                                                                                                                                                                                                        • Resources: Select the resource that can be operated.
                                                                                                                                                                                                        • Actions: Select the action that can be operated.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. In the navigation pane, choose Permissions > Bucket ACLs. In the right pane, click Add. Enter the account ID or account name of the authorized user, select Read and Write for Access to Bucket, select Read and Write for Access to ACL, and click OK.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Statically Importing OBS Buckets and Parallel File Systems
                                                                                                                                                                                                      • Static PV of an OBS bucket:
                                                                                                                                                                                                        apiVersion: v1
-kind: PersistentVolume
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • The involved accounts are in the same region.
                                                                                                                                                                                                        • You have created a cluster where the CCE Container Storage (Everest) add-on is installed. The add version must be 1.1.11 or later, and the cluster version must be 1.15 or later. 
                                                                                                                                                                                                        • An ECS with an EIP bound has been created in the same VPC as the cluster, and the ECS has been connected to the cluster through kubectl. 
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 1: Create an OBS Bucket Policy and ACL
                                                                                                                                                                                                        Configure an OBS bucket policy and ACL using account A and grant account B required permissions like the read and write permissions.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Configure the parameters. In this example, only some mandatory parameters are described. You can keep the default values for other parameters. 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 2 Bucket policy parameters
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Policy Name
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Enter a name.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          example01
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Effect
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the behavior of a policy.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Allow: The actions defined in the policy are allowed.
                                                                                                                                                                                                          • Deny: The actions defined in the policy are denied.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Allow
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Principal
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify authorized accounts. (Multiple accounts can be selected.) For different types of authorized accounts, the OBS console provides different templates for authorizations.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • All accounts: Any account can execute the current bucket policy without identity authentication, which may pose data security risks.
                                                                                                                                                                                                          • Current account: Grant permissions to a specific IAM account under the current account.
                                                                                                                                                                                                          • Other accounts: Grant permissions to a specific IAM account under another account.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Other accounts
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          XXX(account ID)/XXX (IAM ID)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Resources
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the authorized resources.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Entire bucket (including the objects in it): Allow authorized accounts to perform certain actions on a bucket and the objects in it.
                                                                                                                                                                                                          • Current bucket: Allow authorized accounts to perform certain actions on the current bucket.
                                                                                                                                                                                                          • Specific objects: Allow authorized accounts to perform certain actions on the specified objects in a bucket.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Entire bucket (including the objects in it)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Actions
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify actions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Use a template: Use a permission template preset on the OBS console. If you selected Bucket Read/Write, the Specified actions option will be selected by default in the Advanced Settings area.
                                                                                                                                                                                                          • Customize: Customize the actions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Use a template > Bucket Read/Write
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. In the navigation pane, choose Permissions > Bucket ACL. In the right pane, click Add under User Access. Enter the account ID of the authorized user, select Read and Write for Access to Bucket, select Read for Access to Objects, select Read and Write for Access to ACL, and click OK.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 2: Create a Workload with an OBS Volume Mounted
                                                                                                                                                                                                        Create a PV and a PVC based on the OBS bucket of account A using account B and mount the PVC to the required workload.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Create a ConfigMap named paas-obs-endpoint and configure the region and endpoint of OBS.
                                                                                                                                                                                                          vim config.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The content is as follows: (For details about the parameters, see Table 3.)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          apiVersion: v1
+kind: ConfigMap
 metadata:
-  name: objbucket      #Replace the name with the actual PV name of the bucket.
+  name: paas-obs-endpoint   # The value must be paas-obs-endpoint.
+  namespace: kube-system    # The value must be kube-system.
+data:
+  obs-endpoint: |
+    {"<region_name>": "<endpoint_address>"}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Create the ConfigMap using config.yaml.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubectl create -f config.yaml
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 3 ConfigMap parameters
                                                                                                                                                                                                          ConfigMap
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          metadata.name
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ConfigMap name, which is fixed at paas-obs-endpoint and cannot be changed
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          metadata.namespace
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Namespace, which is fixed at kube-system and cannot be changed
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          data.obs-endpoint
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Region names and endpoints are in key-value pairs. Replace <region_name> and <endpoint_address> with specific values. If multiple values are needed, use commas (,) to separate them.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For details about its value, see Regions and Endpoints.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Create a secret named test-user. (This secret is used to provide access credentials when volumes are mounted to CSI, and its name can be customized.)
                                                                                                                                                                                                          1. Obtain the AK. Go back to the management console, hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                                                                                                                                            In the navigation pane, choose Access Keys. On the page displayed, click Create Access Key.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Click OK and download the AK.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Encode the AK using Base64 and save the encoded AK and SK. If the AK obtained is xxx and the SK is yyy, run the following commands:
                                                                                                                                                                                                            echo -n xxx|base64
+echo -n yyy|base64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Create a secret YAML file, for example, test_user.yaml.
                                                                                                                                                                                                            vim test_user.yaml
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            The content is as follows: (For details about the parameters, see Table 4.)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            apiVersion: v1
+data:
+  access.key: QUxPQUlJU******
+  secret.key: aVMwZkduQ******
+kind: Secret
+metadata:
+  name: test-user
+  namespace: default
+type: cfe/secure-opaque
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Create a secret using test_user.yaml.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            kubectl create -f test_user.yaml
                                                                                                                                                                                                            
+
+
                                                                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                            Table 4 Secret parameters
                                                                                                                                                                                                            Parameter
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Description
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Example
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            access.key
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            A Base64-encoded AK
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            QUxPQUlJU******
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            secret.key
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            A Base64-encoded SK
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            aVMwZkduQ******
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            type
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Key type, which is fixed at cfe/secure-opaque and cannot be changed
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            When this type is used, the data entered by users will be automatically encrypted.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            cfe/secure-opaque
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create a PV named testing_abc and mount the secret named test_user to the PV.
                                                                                                                                                                                                          vim testing_abc.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The content is as follows: (For details about the parameters, see Table 5.)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: testing-abc
   annotations:
+    pv.kubernetes.io/bound-by-controller: 'yes'
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
 spec:
-  accessModes:
-  - ReadWriteMany
   capacity:
     storage: 1Gi
-  mountOptions:  
-  - default_acl=bucket-owner-full-control      #New OBS mounting parameters
+  mountOptions:
+  - default_acl=bucket-owner-full-control      #New OBS mounting parameters
   csi:
     driver: obs.csi.everest.io
-    fsType: s3fs
+    volumeHandle: obs-cce-test                 # Name of the OBS bucket to be mounted
+    fsType: s3fs                               # obsfs indicates a parallel file system, and s3fs indicates an OBS bucket.
     volumeAttributes:
-      everest.io/obs-volume-type: STANDARD
-      everest.io/region:   eu-de     #Set it to the ID of the current region.
+      everest.io/obs-volume-type: STANDARD     # Bucket type, which can be STANDARD or WARM when an OBS bucket is used
+      everest.io/region: <region_name>         # Region where the OBS bucket is located (Replace it with the actual value.)
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: objbucket             #Replace the name with the actual bucket name of the third-party tenant.
-  persistentVolumeReclaimPolicy: Retain    #This parameter must be set to Retain to ensure that the bucket will not be deleted when a PV is deleted.
-  storageClassName: csi-obs-mountoption    #You can associate a new custom OBS storage class or the built-in csi-obs of the cluster.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                                          • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                                          • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          PVC of a bound OBS bucket:
                                                                                                                                                                                                          apiVersion: v1
+    nodePublishSecretRef:                      # AK/SK used for mounting the OBS bucket
+      name: test-user
+      namespace: default
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain        # PV reclaim policy
+  storageClassName: csi-obs                    # csi-obs specifies an OBS storage class that is automatically created. You can customize it as required.
+  volumeMode: Filesystem
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Create the PV using testing_abc.yaml.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kubectl create -f testing_abc.yaml
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 5 PV parameters
                                                                                                                                                                                                          Parameter
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          mountOptions.default_acl
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify access control policies for a bucket and objects in the bucket. In this example, account A owns the bucket, and both account A and account B have the ability to upload data.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • private: The bucket or objects can only be fully accessed by the owner of the bucket.
                                                                                                                                                                                                          • public-read: The owner of the bucket has complete control over both the bucket and its objects. While other users can read data from the bucket, they are unable to modify, delete, or upload any data within it.
                                                                                                                                                                                                          • public-read-write: The owner of the bucket has complete control over the bucket and its objects. Other users can read and write data from and to the bucket.
                                                                                                                                                                                                          • bucket-owner-read: Users who have uploaded objects to the bucket has complete control over the objects, while the bucket owner is only granted read permissions for said objects. This mode is usually used in cross-account sharing scenarios.
                                                                                                                                                                                                          • bucket-owner-full-control: Users who have uploaded objects to the bucket are granted write permissions for those specific objects, but not read permissions by default. The bucket owner has complete control over all objects within the bucket. This mode is usually used in cross-account sharing scenarios.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          bucket-owner-full-control
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           NOTE: 
                                                                                                                                                                                                          Due to the bucket policy that was configured using account A, account B has been granted read and write permissions for the entire bucket, including objects uploaded by both account A and B.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          csi.nodePublishSecretRef
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the secret to be mounted.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • name: name of a secret
                                                                                                                                                                                                          • namespace: namespace where the secret is in
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          test-user
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          default
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          csi.volumeHandle
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the name of the OBS bucket to be mounted.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          obs-cce-test (OBS bucket name authorized by account A)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          csi.fsType
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the file type.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • obsfs: Create an OBS parallel file system.
                                                                                                                                                                                                          • s3fs: Create an OBS bucket.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          s3fs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           NOTICE: 
                                                                                                                                                                                                          The file type specified by the PV and the PVC must match in order for the PV to be bound to the corresponding PVC. If they do not match, the binding cannot occur.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          accessModes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the access mode of the storage volume. OBS supports only ReadWriteMany.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • ReadWriteOnce: A storage volume can be mounted to a single node in read-write mode.
                                                                                                                                                                                                          • ReadWriteMany: A storage volume can be mounted to multiple nodes in read-write mode.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ReadWriteMany
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          persistentVolumeReclaimPolicy
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specify the reclaim policy for the PV.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Delete: When a PVC is deleted, both the PV and underlying storage resources will be deleted. If the everest.io/reclaim-policy: retain-volume-only annotation is added to the YAML file, the underlying storage resources will be retained.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Retain: When a PVC is deleted, both the PV and underlying storage resources will be retained. You need to manually delete them. After the PVC is deleted, the PV is in the Released state and cannot be bound to a PVC again.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Retain
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           NOTE: 
                                                                                                                                                                                                          If multiple PVs use the same OBS volume, use Retain to prevent the underlying volume from being deleted with one of the PV.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Create a PVC named pvc-test-abc and bind the new PV testing_abc to it.
                                                                                                                                                                                                          vim pvc_test_abc.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The file content is as follows:
                                                                                                                                                                                                          apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  annotations:
-    csi.storage.k8s.io/fstype: obsfs
-    everest.io/obs-volume-type: STANDARD
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-  name: objbucketpvc      #Replace the name with the actual PVC name of the bucket.
+  name: pvc-test-abc
   namespace: default
+  annotations:
+    csi.storage.k8s.io/node-publish-secret-name: test-user      # Mount a secret.
+    csi.storage.k8s.io/node-publish-secret-namespace: default   # Namespace of the secret
+      everest.io/obs-volume-type: STANDARD     # Bucket type, which can be STANDARD or WARM when an OBS bucket is used
+    csi.storage.k8s.io/fstype: s3fs            # File type. obsfs indicates a parallel file system, and s3fs indicates an OBS bucket.
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
 spec:
   accessModes:
-  - ReadWriteMany
+  - ReadWriteMany             # The value must be ReadWriteMany for object storage.
   resources:
     requests:
-      storage: 1Gi
-  storageClassName: csi-obs-mountoption     #The value must be the same as the storage class associated with the bound PV.
-  volumeName: objbucket       #Replace the name with the actual PV name of the bucket to be bound.
                                                                                                                                                                                                          
+      storage: 1Gi            # Storage capacity of a PVC. This parameter is valid only for verification (fixed to 1, cannot be empty or 0). The value setting does not take effect for OBS buckets.
+  storageClassName: csi-obs   # csi-obs specifies an OBS storage class that is automatically created. You can customize it as required.
+  volumeName: testing-abc     # PV name
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    10. Static PV of an OBS parallel file system:
                                                                                                                                                                                                      apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: obsfscheck   #Replace the name with the actual PV name of the parallel file system.
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 1Gi
-  mountOptions:
-  - default_acl=bucket-owner-full-control     #New OBS mounting parameters
-  csi:
-    driver: obs.csi.everest.io
-    fsType: obsfs
-    volumeAttributes:
-      everest.io/obs-volume-type: STANDARD
-      everest.io/region:   eu-de
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: obsfscheck               #Replace the name with the actual name of the parallel file system of the third-party tenant.
-  persistentVolumeReclaimPolicy: Retain        #This parameter must be set to Retain to ensure that the bucket will not be deleted when a PV is deleted.
-  storageClassName: csi-obs-mountoption       #You can associate a new custom OBS storage class or the built-in csi-obs of the cluster.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                                      • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                                      • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      PVC of a bound OBS parallel file system:
                                                                                                                                                                                                      apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    csi.storage.k8s.io/fstype: obsfs
-    everest.io/obs-volume-type: STANDARD
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-  name: obsfscheckpvc   #Replace the name with the actual PVC name of the parallel file system.
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-obs-mountoption    #The value must be the same as the storage class associated with the bound PV.
-  volumeName: obsfscheck     #Replace the name with the actual PV name of the parallel file system.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Create the PVC using pvc_test_abc.yaml.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl create -f pvc_test_abc.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    11. Create a workload and mount the PVC to it. The following uses an Nginx Deployment as an example.
                                                                                                                                                                                                      vim obs_deployment_example.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The file content is as follows:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: apps/v1 
+kind: Deployment 
+metadata: 
+  name: obs-deployment-example                  # Workload name, which can be customized
+  namespace: default 
+spec: 
+  replicas: 1 
+  selector: 
+    matchLabels: 
+      app: obs-deployment-example              # Label, which can be customized
+  template: 
+    metadata: 
+      labels: 
+        app: obs-deployment-example 
+    spec: 
+      containers: 
+      - image: nginx
+        name: container-0 
+        volumeMounts: 
+        - mountPath: /tmp                       # PVC mount path, which can be customized as required
+          name: pvc-obs-example 
+      restartPolicy: Always
+      imagePullSecrets:
+        - name: default-secret
+      volumes: 
+      - name: pvc-obs-example  
+        persistentVolumeClaim: 
+          claimName: pvc-test-abc               # PVC name
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Create the workload named obs-deployment-example using obs_deployment_example.yaml.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl create -f obs_deployment_example.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check whether the workload has been created.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl get pod
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If information similar to the following is displayed and the workload is in the Running state, the workload has been created.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      NAME                                      READY   STATUS              RESTARTS        AGE
+obs-deployment-example-6b4dfd7b57-frfxv   1/1     Running             0               22h
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      12. 
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 3: Check the Pod Actions on the OBS Bucket
                                                                                                                                                                                                      Check whether the pod created by account B has the required permissions based on the bucket policy.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Check whether the pod can read and write objects in the OBS bucket created by account A and assume that a test.txt file is present in the OBS bucket.
                                                                                                                                                                                                        Run the following command to access the created workload. (You can press Ctrl+D to exit the current workload.)
                                                                                                                                                                                                        kubectl -n default exec -it obs-deployment-example-6b4dfd7b57-frfxv -c container-0 /bin/bash
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Run the following command to check the pod actions on test.txt. /tmp specifies the PVC mount path.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        ls -l /tmp/test.txt
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If information similar to the following is displayed, the pod has the read and write permissions on the test.txt file, which is related to the bucket policy set by account A.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        -rwxrwxrwx 1 root root 4 Sep  5 09:09 /tmp/test.txt
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Check whether the pod can read and write data from and to the objects uploaded by itself in the OBS bucket.
                                                                                                                                                                                                        Create a test01.txt file in /tmp and write test\n into the file.
                                                                                                                                                                                                        echo -e "test\n" > /tmp/test01.txt
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Run the following command to check the test01.txt content and check whether the pod can read and write new objects uploaded by itself: (Account A can check the new objects in the OBS bucket.)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        cat /tmp/test01.txt
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If information similar the following is displayed, the pod has the read and write permissions on the objects uploaded by itself.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        test
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 4: Clear Resources
                                                                                                                                                                                                      Once you have studied this example, delete any associated resources to prevent incurring settlement fees. If you plan to learn other examples, wait until they are finished before doing any clean-up.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Run the following command to delete the workload:
                                                                                                                                                                                                        kubectl delete -f obs_deployment_example.yaml  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        deployment.apps "obs-deployment-example" deleted
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Run the following command to delete the PVC:
                                                                                                                                                                                                        kubectl delete -f pvc_test_abc.yaml  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        persistentvolumeclaim "pvc-test-abc" deleted
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Run the following command to delete the PV:
                                                                                                                                                                                                        kubectl delete -f testing_abc.yaml  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        persistentvolume "testing-abc" deleted
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      4. Run the following command to delete the secret:
                                                                                                                                                                                                        kubectl delete -f test_user.yaml  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        secret "test-user" deleted
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      5. Run the following command to delete the ConfigMap:
                                                                                                                                                                                                        kubectl delete -f config.yaml  
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        configmap "paas-obs-endpoint" deleted
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Common Issues
                                                                                                                                                                                                      If a workload fails to be created, locate the fault based on the error information in the pod events. For details, see Table 6. 
                                                                                                                                                                                                      
+
+
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Table 6 Locating the fault
                                                                                                                                                                                                      Error
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Cause
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      0/4 nodes are available: pod has unbound immediate PersistentVolumeClaims. preemption: 0/4 nodes are available: 4 Preemption is not helpful for scheduling.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The PVC is not bound to any PV.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Run the following command to check the PVC status:
                                                                                                                                                                                                        kubectl get pv
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If the PVC is in the Pending state, it is not bound to any PV.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Check the PVC details and locate the cause of the binding failure.
                                                                                                                                                                                                        kubectl describe pv <pv_name>
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Modify the YAML file to rectify the fault if the fault is caused by any of the following reasons:
                                                                                                                                                                                                        • The PVC is not bound to the proper PV.
                                                                                                                                                                                                        • The PVC and PV parameters do not match. This includes fsType, StorageClass, accessModes, and storage. The StorageClass must be object storage, and accessModes must be set to ReadWriteMany because OBS buckets only support this mode. Additionally, the storage value requested by the PVC must be equal to or less than the storage value provided by the PV.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      MountVolume.SetUp failed for volume "obs-cce-example": rpc error: code = Unknown desc = failed to get secret(paas.longaksk), err: get secret(paas.longaksk) failed: get secret paas.longaksk from namespace kube-system failed: secrets "paas.longaksk" not found
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The required secret cannot be found when the storage volume is mounted to the workload.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Check whether the mounted secret is present.
                                                                                                                                                                                                        kubectl get secret
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If it is present, the secret may be incorrectly configured. If it is not present, you can create one by referring to 2.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Check the secret parameter configurations. The following shows the common issues:
                                                                                                                                                                                                        • The access.key and secret.key parameters are not set to the AK and SK encoded using Base64.
                                                                                                                                                                                                        • The type parameter is not set to cfe/secure-opaque.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      MountVolume.SetUp failed for volume "pv-obs-example": rpc error: code = Internal desc = [8032c354-4e1b-41b0-81ce-9d4b3f8c49c9] get obsUrl failed before mount bucket obs-cce-example, get configMap paas-obs-endpoint from namespace kube-system failed: configmaps "paas-obs-endpoint" not found
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The ConfigMap that stores the OBS endpoint is not present or is incorrectly configured.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Check whether the ConfigMap is present.
                                                                                                                                                                                                        kubectl get configmap
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If it is present, the ConfigMap may be incorrectly configured. If it is not present, you can create one by referring to 1.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Check the ConfigMap parameter configurations. The following shows the common issues:
                                                                                                                                                                                                        • The name parameter is not set to paas-obs-endpoint.
                                                                                                                                                                                                        • The namespace parameter is not set to kube-system.
                                                                                                                                                                                                        • The region name is not set to the region where the OBS bucket is located.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    12. (Optional) Creating a custom OBS storage class to associate with a static PV:
                                                                                                                                                                                                      apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: csi-obs-mountoption
-mountOptions:
-  - default_acl=bucket-owner-full-control
-parameters:
-  csi.storage.k8s.io/csi-driver-name: obs.csi.everest.io
-  csi.storage.k8s.io/fstype: obsfs
-  everest.io/obs-volume-type: STANDARD
-provisioner: everest-csi-provisioner
-reclaimPolicy: Retain
-volumeBindingMode: Immediate
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • csi.storage.k8s.io/fstype: File type. The value can be obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs.
                                                                                                                                                                                                      • reclaimPolicy: Reclaim policy of a PV. The value will be set in PV.spec.persistentVolumeReclaimPolicy dynamically created based on the new PVC associated with the storage class. If the value is Delete, the external OBS bucket and the PV will be deleted when the PVC is deleted. If the value is Retain, the PV and external storage are retained when the PVC is deleted. In this case, clear the PV separately. In the scenario where an imported third-party bucket is associated, the storage class is used only for associating static PVs (with this field set to Retain). Dynamic creation is not involved.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      13. 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00221.html b/docs/cce/umn/cce_bestpractice_00221.html
index c83a65b68..2e40fc248 100644
--- a/docs/cce/umn/cce_bestpractice_00221.html
+++ b/docs/cce/umn/cce_bestpractice_00221.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                                                      Configuration Method
                                                                                                                                                                                                       
                                                                                                                                                                                                      In the following example, only pods and Deployments in the test space can be viewed and added, and they cannot be deleted.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Set the service account name to my-sa and namespace to test.
                                                                                                                                                                                                        kubectl create sa my-sa -n test
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Configure the role table and assign operation permissions to different resources.
                                                                                                                                                                                                        vi role-test.yaml
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The content is as follows:
                                                                                                                                                                                                         
                                                                                                                                                                                                        In this example, the permission rules include the read-only permission (get/list/watch) of pods in the test namespace, and the read (get/list/watch) and create permissions of deployments.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -45,7 +45,7 @@ rules:
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Create a Role.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        kubectl create -f role-test.yaml
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Create a RoleBinding and bind the service account to the role so that the user can obtain the corresponding permissions.
                                                                                                                                                                                                        vi myrolebinding.yaml
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The content is as follows:
                                                                                                                                                                                                        apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -63,7 +63,7 @@ subjects:
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Create a RoleBinding.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        kubectl create -f myrolebinding.yaml
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The user information is configured. Now perform 5 to 7 to write the user information to the configuration file.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      4. Manually create a token that is valid for a long time for ServiceAccount.
                                                                                                                                                                                                        vi my-sa-token.yaml
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The content is as follows:
                                                                                                                                                                                                        apiVersion: v1
@@ -82,7 +82,7 @@ type: kubernetes.io/service-account-token
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Set a cluster access mode. test-arm specifies the cluster to be accessed. https://192.168.0.110:5443 specifies the apiserver IP address of the cluster. /home/test.config specifies the path for storing the configuration file.
                                                                                                                                                                                                          • If the internal API server address is used, run the following command:
                                                                                                                                                                                                            kubectl config set-cluster test-arm --server=https://192.168.0.110:5443  --certificate-authority=/home/ca.crt  --embed-certs=true --kubeconfig=/home/test.config
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • If the public API server address is used, run the following command:
                                                                                                                                                                                                            kubectl config set-cluster test-arm --server=https://192.168.0.110:5443 --kubeconfig=/home/test.config --insecure-skip-tls-verify=true
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        If you perform operations on a node in the cluster or the node that uses the configuration is a cluster node, do not set the path of kubeconfig to /root/.kube/config.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -91,18 +91,18 @@ type: kubernetes.io/service-account-token
 
                                                                                                                                                                                                        token=$(kubectl describe secret my-sa-token-secret -n test | awk '/token:/{print $2}')
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Set the cluster user ui-admin.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        kubectl config set-credentials ui-admin --token=$token --kubeconfig=/home/test.config
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      5. Configure the context information for cluster authentication access. ui-admin@test specifies the context name.
                                                                                                                                                                                                        kubectl config set-context ui-admin@test --cluster=test-arm --user=ui-admin --kubeconfig=/home/test.config
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      6. Configure the context. For details about how to use the context, see Verification.
                                                                                                                                                                                                        kubectl config use-context ui-admin@test --kubeconfig=/home/test.config
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        If you want to assign other users the above permissions to perform operations on the cluster, provide the generated configuration file /home/test.config to the user after performing step 7. The user must ensure that the host can access the API server address of the cluster. When performing step 8 on the host and using kubectl, the user must set the kubeconfig parameter to the path of the configuration file.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Verification
                                                                                                                                                                                                      1. Pods in the test namespace cannot access pods in other namespaces.
                                                                                                                                                                                                        kubectl get pod -n test --kubeconfig=/home/test.config
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. Pods in the test namespace cannot be deleted.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Pods in the test namespace cannot be deleted.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Further Readings
                                                                                                                                                                                                      For more information about users and identity authentication in Kubernetes, see Authenticating.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00222.html b/docs/cce/umn/cce_bestpractice_00222.html
new file mode 100644
index 000000000..17fffe14e
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_00222.html
@@ -0,0 +1,249 @@
+
+
+
                                                                                                                                                                                                      Creating an IPv4/IPv6 Dual-Stack Cluster in CCE
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      This section describes how to set up a VPC with IPv6 CIDR block and create a cluster and nodes with an IPv6 address in the VPC, so that the nodes can access the Internet.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Overview
                                                                                                                                                                                                      IPv6 addresses are used to deal with the problem of IPv4 address exhaustion. If a worker node (such as an ECS) in the current cluster uses IPv4, the node can run in dual-stack mode after IPv6 is enabled. Specifically, the node has both IPv4 and IPv6 addresses, which can be used to access the intranet or public network.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      • If your application needs to provide Services for users who use IPv6 clients, you can use IPv6 EIPs or the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                                                      • If your application needs to both provide Services for users who use IPv6 clients and analyze the access request data, you can use only the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                                                      • If internal communication is required between your application systems or between your application system and another system (such as the database system), you can use only the IPv4 and IPv6 dual-stack function.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Constraints
                                                                                                                                                                                                      • Clusters that support IPv4/IPv6 dual-stack:
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Cluster Type
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Cluster Network Model
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Version
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Remarks
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE standard cluster
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Container tunnel network
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        v1.15 or later
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        IPv4/IPv6 dual-stack will be generally available for clusters of v1.23.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        ELB dual-stack is not supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE Turbo cluster
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Cloud Native 2.0 Network
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        v1.23.8-r0 or later
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        v1.25.3-r0 or later
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Currently, Kata containers do not support IPv4/IPv6 dual-stack.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Only ECS-VM or ECS-physical server (c6.22xlarge.4.physical or c7.32xlarge.4.physical) supports IPv4/IPv6 dual-stack.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Worker nodes and master nodes in Kubernetes clusters use IPv4 addresses to communicate with each other.
                                                                                                                                                                                                      • Only one IPv6 address can be bound to each NIC.
                                                                                                                                                                                                      • When IPv4/IPv6 dual-stack is enabled for the cluster, DHCP unlimited lease cannot be enabled for the selected node subnet.
                                                                                                                                                                                                      • If a dual-stack cluster is used, do not change the load balancer protocol version on the ELB console.
                                                                                                                                                                                                      • ELB dual-stack can be used in only CCE Turbo clusters with the following restrictions.
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Application Scenario
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Dedicated Load Balancer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Shared Load Balancer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        ELB ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Dual stack is supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Layer-7 dedicated load balancers can only communicate with their backend servers using IPv4. If an ingress uses IPv6/IPv4 dual-stack, related alarms will be generated. (Backends with IPv6 addresses cannot be added to the associated load balancer.) You can view related alarms by referring to the events of the corresponding ingress.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Only IPv4 is supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Nginx ingress
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Dual-stack is supported when the following conditions are met:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • For clusters from v1.19 to v1.23, nginx-ingress of v2.1.7 or later supports dual-stack.
                                                                                                                                                                                                        • For clusters of v1.25 or later, nginx-ingress of v2.2.5 or later supports dual-stack.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Only IPv4 is supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        LoadBalancer Service
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Layer 7 (HTTP/HTTPS): Dual-stack is supported.
                                                                                                                                                                                                          Layer-7 dedicated load balancers can only communicate with their backend servers using IPv4. If a Service uses IPv6/IPv4 dual-stack, related alarms will be generated. (Backends with IPv6 addresses cannot be added to the associated load balancer.) You can view related alarms by referring to the events of the corresponding Service. To avoid alarms, you can select the IPv4 protocol when creating a Service and select a dedicated Layer-7 load balancer with dual-stack enabled.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Layer 4 (TCP/UDP): Dual-stack is supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Only IPv4 is supported.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 1: Create a VPC
                                                                                                                                                                                                      Before creating your VPCs, determine how many VPCs, the number of subnets, and what IP address ranges you will need. 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      • The basic operations for IPv4 and IPv6 dual-stack networks are the same as those for IPv4 networks. Only some parameters are different.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Perform the following operations to create a VPC named vpc-ipv6 and its default subnet named subnet-ipv6.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                                      3. Under Network, select Virtual Private Cloud.
                                                                                                                                                                                                      4. Click Create VPC.
                                                                                                                                                                                                      5. Configure the VPC and subnet following instructions. For details about the mandatory parameters, see Table 1 and Table 2. 
                                                                                                                                                                                                        When configuring a subnet, select Enable for IPv6 CIDR Block to automatically allocate an IPv6 CIDR block to the subnet. IPv6 cannot be disabled after the subnet is created. Currently, you are not allowed to specify a custom IPv6 CIDR block.
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Table 1 VPC configuration parameters
                                                                                                                                                                                                        Parameter
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Example Value
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Region
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the desired region. Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        -
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Name
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        VPC name.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        vpc-ipv6
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        IPv4 CIDR Block
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the Classless Inter-Domain Routing (CIDR) block of the VPC. The CIDR block of a subnet can be the same as the CIDR block for the VPC (for a single subnet in the VPC) or a subset (for multiple subnets in the VPC).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The following CIDR blocks are supported:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        10.0.0.0/8–24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        172.16.0.0/12–24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        192.168.0.0/16–24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        192.168.0.0/16
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Table 2 Subnet parameters
                                                                                                                                                                                                        Parameter
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Example Value
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Name
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the subnet name.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        subnet-ipv6
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        IPv4 CIDR Block
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the IPv4 CIDR block for the subnet. This value must be within the VPC CIDR range.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        192.168.0.0/24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        IPv6 CIDR Block
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Select Enable for IPv6 CIDR Block. An IPv6 CIDR block will be automatically assigned to the subnet. IPv6 cannot be disabled after the subnet is created. Currently, you are not allowed to specify a custom IPv6 CIDR block.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        N/A
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Associated Route Table
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the default route table to which the subnet will be associated. You can change the route table to a custom route table.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Default
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Advanced Settings
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Gateway
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the gateway address of the subnet.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        This IP address is used to communicate with other subnets.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        192.168.0.1
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        DNS Server Address
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        By default, two DNS server addresses are configured. You can change them if necessary. When multiple IP addresses are available, separate them with a comma (,).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        100.125.x.x
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      6. Click Create Now.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 2: Create a CCE Cluster
                                                                                                                                                                                                      Creating a CCE cluster
                                                                                                                                                                                                      1. Log in to the CCE console and create a cluster.
                                                                                                                                                                                                        Complete the network settings as follows:
                                                                                                                                                                                                        • Network Model: Select Tunnel network.
                                                                                                                                                                                                        • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                                        • Default Node Subnet: Select a subnet with IPv6 enabled.
                                                                                                                                                                                                        • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                                        • Container CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Create a node.
                                                                                                                                                                                                        The CCE console displays the nodes that support IPv6. You can directly select a node. 
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        After the creation is complete, access the cluster details page. Then, click the node name to go to the ECS details page and view the automatically allocated IPv6 address.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Creating a CCE Turbo cluster
                                                                                                                                                                                                      1. Log in to the CCE console and create a CCE Turbo cluster.
                                                                                                                                                                                                        Complete the network settings as follows:
                                                                                                                                                                                                        • Network Model: Select Cloud Native Network 2.0.
                                                                                                                                                                                                        • IPv6: Enable this function. After this function is enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks.
                                                                                                                                                                                                        • VPC: Select the created VPC vpc-ipv6.
                                                                                                                                                                                                        • Default Node Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                                        • Pod Subnet: Only subnets with IPv6 enabled can be selected.
                                                                                                                                                                                                        • Service CIDR Block: A proper mask must be set for the container CIDR block. The mask determines the number of available nodes in the cluster. If the mask of the container CIDR block in the cluster is set improperly, there will be only a small number of available nodes in the cluster.
                                                                                                                                                                                                        • IPv6 Service CIDR Block: determines the maximum number of Services that can be created. The value cannot be changed after being specified. The default value is fc00::/112. To customize the CIDR block, ensure that the CIDR block meets the following requirements: .
                                                                                                                                                                                                          • The IPv6 Service CIDR block must belong to the fc00::/8 CIDR block.
                                                                                                                                                                                                          • The prefix length of an IPv6 address ranges from 112 to 120. You can adjust the number of IPv6 addresses by adjusting the prefix value. A maximum of 65536 IPv6 addresses are allowed.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Create a node.
                                                                                                                                                                                                        The CCE console displays the nodes that support IPv6. You can directly select a node. 
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        After the creation is complete, access the cluster details page. Then, click the node name to go to the ECS details page and view the automatically allocated IPv6 address.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Step 3: Apply for a Shared Bandwidth and Adding an IPv6 Address to It
                                                                                                                                                                                                      By default, the IPv6 address can only be used for private network communication. If you want to use this IPv6 address to access the Internet or be accessed by IPv6 clients on the Internet, apply for a shared bandwidth and add the IPv6 address to it.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If you already have a shared bandwidth, you can add the IPv6 address to the shared bandwidth without applying for one.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Applying a Shared Bandwidth
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                                      2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                                      3. Choose Service List > Network > Virtual Private Cloud.
                                                                                                                                                                                                      4. In the navigation pane, choose Elastic IP and Bandwidth > Shared Bandwidths.
                                                                                                                                                                                                      5. In the upper right corner, click Assign Shared Bandwidth. On the displayed page, configure parameters following instructions.
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Table 3 Parameters
                                                                                                                                                                                                        Parameter
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Example Value
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Region
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the desired region. Regions are geographic areas that are physically isolated from each other. The networks inside different regions are not connected to each other, so resources cannot be shared across different regions. For lower network latency and faster access to your resources, select the region nearest you.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        -
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Bandwidth
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the shared bandwidth size in Mbit/s. The minimum bandwidth that can be purchased is 5 Mbit/s.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        10
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Name
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Specifies the name of the shared bandwidth.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Bandwidth-001
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      6. Click Assign Now.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Adding an IPv6 Address to a Shared Bandwidth
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. On the shared bandwidth list page, locate the row containing the target shared bandwidth and click Add Public IP Address in the Operation column.
                                                                                                                                                                                                      2. Add the IPv6 address to the shared bandwidth.
                                                                                                                                                                                                      3. Click OK.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Verifying the Result
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Log in to an ECS and ping an IPv6 address on the Internet to verify the connectivity. ping6 ipv6.baidu.com is used as an example here. The execution result is displayed in Figure 1.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Result verification
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
diff --git a/docs/cce/umn/cce_bestpractice_00226.html b/docs/cce/umn/cce_bestpractice_00226.html
index d281ef5b9..68b8e1d7a 100644
--- a/docs/cce/umn/cce_bestpractice_00226.html
+++ b/docs/cce/umn/cce_bestpractice_00226.html
@@ -145,7 +145,7 @@ spec:
 hostaliases-pod       1/1            Running      0             16m
 
                                                                                                                                                                                                    13. Check whether the hostAliases functions properly.
                                                                                                                                                                                                      docker ps |grep hostaliases-pod
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      docker exec -ti Container ID /bin/sh
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      14. 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00228.html b/docs/cce/umn/cce_bestpractice_00228.html
index 4b7aa1b8a..52b147e2e 100644
--- a/docs/cce/umn/cce_bestpractice_00228.html
+++ b/docs/cce/umn/cce_bestpractice_00228.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                                                                                      Using Init Containers to Initialize an Application
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Concepts
                                                                                                                                                                                                      Before containers running applications are started, one or some init containers are started first. If there are multiple init containers, they will be started in the defined sequence. The application containers are started only after all init containers run to completion and exit. Storage volumes in a pod are shared. Therefore, the data generated in the init containers can be used by the application containers.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Concepts
                                                                                                                                                                                                      An init container is a type of container that starts and exits before the application containers start. If there are multiple init containers, they will be started in the defined sequence. The data generated in the init containers can be used by the application containers because storage volumes in a pod are shared.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Init containers can be used in multiple Kubernetes resources, such as Deployments, DaemonSets, and jobs. They perform initialization before application containers are started.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      Before deploying a service, you can use an init container to make preparations before the pod where the service is running is deployed. After the preparations are complete, the init container runs to completion and exit, and the container to be deployed will be started.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Scenario 1: Wait for other modules to be ready. For example, an application contains two containerized services: web server and database. The web server service needs to access the database service. However, when the application is started, the database service may have not been started. Therefore, web server may fail to access database. To solve this problem, you can use an init container in the pod where web server is running to check whether database is ready. The init container runs to completion only when database is accessible. Then, web server is started and initiates a formal access request to database. 
                                                                                                                                                                                                      • Scenario 2: Initialize the configuration. For example, the init container can check all existing member nodes in the cluster and prepare the cluster configuration information for the application container. After the application container is started, it can be added to the cluster using the configuration information.
                                                                                                                                                                                                      • Other scenarios: For example, register a pod with a central database and download application dependencies.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      Before deploying a service, you can use an init container to make preparations before the service pod is deployed. After the preparations are complete, the init container runs to completion and exits, and the container to be deployed will be started.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Scenario 1: Wait for other modules to be ready. For example, an application contains two containerized services: web server and database. The web server service needs to access the database service. However, when the application is started, the database service may have not been started. Therefore, web server may fail to access database. To solve this problem, you can use an init container in the pod where web server is running to check whether database is ready. The init container runs to completion only when database is accessible. Then, web server is started and initiates a formal access request to database. 
                                                                                                                                                                                                      • Scenario 2: Initialize the configuration. For example, the init container can check all existing member nodes in the cluster and prepare the cluster configuration information for the application container. After the application container is started, it can be added to the cluster using the configuration information.
                                                                                                                                                                                                      • Other scenarios: For example, a pod is registered with a central database and application dependencies are downloaded.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      For details, see Init Containers.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      1. Edit the YAML file of the init container workload.
                                                                                                                                                                                                        vi deployment.yaml
                                                                                                                                                                                                        
@@ -49,7 +49,7 @@ spec:
 
                                                                                                                                                                                                        deployment.apps/mysql created
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Query the created Docker container on the node where the workload is running.
                                                                                                                                                                                                        docker ps -a|grep mysql
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The init container will exit after it runs to completion. The query result Exited (0) shows the exit status of the init container.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00231.html b/docs/cce/umn/cce_bestpractice_00231.html
index fe2489113..369ba1d3a 100644
--- a/docs/cce/umn/cce_bestpractice_00231.html
+++ b/docs/cce/umn/cce_bestpractice_00231.html
@@ -5,38 +5,32 @@
 
                                                                                                                                                                                                      For example, in most online systems that require user identity authentication, a user needs to interact with the server for multiple times to complete a session. These interactions require continuity. If sticky session is not configured, the load balancer may allocate certain requests to different backend servers. Since user identity has not been authenticated on other backend servers, interaction exceptions such as a user login failure may occur.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Therefore, select a proper sticky session type based on the application environment.
                                                                                                                                                                                                      
 
-
                                                                                                                                                                                                      
-
-
diff --git a/docs/cce/umn/cce_faq_00039.html b/docs/cce/umn/cce_faq_00039.html
index 749f4bd30..5d3b3af3d 100644
--- a/docs/cce/umn/cce_faq_00039.html
+++ b/docs/cce/umn/cce_faq_00039.html
@@ -1,25 +1,24 @@
 
                                                                                                                                                                                                      How Do I Locate the Fault When a Cluster Is Unavailable?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If a cluster is Unavailable, perform the following operations to locate the fault.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If a cluster is unavailable, perform the following operations to locate the fault.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Troubleshooting Process
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      If the fault persists, contact the customer service to help you locate the fault.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 Fault locating
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                                      1. Log in to the management console, and choose Service List > Networking > Virtual Private Cloud. In the navigation pane on the left, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                                        The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                                        1. Log in to the management console and choose Service List > Networking > Virtual Private Cloud. In the navigation pane, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                                          The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                                          For details, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Check Item 2: Whether There Are Residual Listeners and Backend Server Groups on the Load Balancer
                                                                                                                                                                                                        Reproducing the Problem
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        A cluster exception occurs when a LoadBalancer Service is being created or deleted. After the fault is rectified, the Service is deleted successfully, but there are residual listeners and backend server group.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Pre-create a CCE cluster. In the cluster, use the official Nginx image to create workloads, preset load balancers, Services, and ingresses.
                                                                                                                                                                                                        2. Ensure that the cluster is running properly and the Nginx workload is stable.
                                                                                                                                                                                                        3. Create and delete 10 LoadBalancer Services every 20 seconds.
                                                                                                                                                                                                        4. An injection exception occurs in the cluster. For example, the etcd pod is unavailable or the cluster is hibernated.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        A cluster exception occurs when a LoadBalancer Service is being created or deleted. After the fault is rectified, the Service is deleted successfully, but there are residual listeners and backend server groups.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Pre-create a CCE cluster. In the cluster, use the official Nginx image to create a workload, preset a load balancer, a Service, and an ingress.
                                                                                                                                                                                                        2. Ensure that the cluster is running properly and the Nginx workload is stable.
                                                                                                                                                                                                        3. Create and delete 10 LoadBalancer Services every 20 seconds.
                                                                                                                                                                                                        4. Verify that an injection exception occurs in the cluster. For example, the etcd is unavailable or the cluster is hibernated.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Possible Causes
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        There are residual listeners and backend server groups on the load balancer.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Manually clear residual listeners and backend server groups.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Log in to the management console and choose Network > Elastic Load Balance from the service list.
                                                                                                                                                                                                        2. In the load balancer list, click the name of the target load balancer to go to the details page. On the Listeners tab page, locate the target listener and delete it.
                                                                                                                                                                                                        3. On the Backend Server Groups tab page, locate the target backend server group and delete it.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the management console and choose Networking > Elastic Load Balance from the service list.
                                                                                                                                                                                                        2. In the load balancer list, click the name of the target load balancer to go to the details page. On the Listeners tab, locate the target listener and delete it.
                                                                                                                                                                                                        3. On the Backend Server Groups page, locate the target backend server group and delete it.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00040.html b/docs/cce/umn/cce_faq_00040.html
index d04d69f27..e519bdbb4 100644
--- a/docs/cce/umn/cce_faq_00040.html
+++ b/docs/cce/umn/cce_faq_00040.html
@@ -1,7 +1,10 @@
 
 
 
                                                                                                                                                                                                      How Do I Retrieve Data After a CCE Cluster Is Deleted?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Question
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      How do I retrieve data after a CCE cluster is deleted?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Answer:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00041.html b/docs/cce/umn/cce_faq_00041.html
index db694e27b..da07028e8 100644
--- a/docs/cce/umn/cce_faq_00041.html
+++ b/docs/cce/umn/cce_faq_00041.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                      How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console. Click the target cluster to go to its details page.
                                                                                                                                                                                                      2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                                      3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                                        Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the target cluster to access the cluster console.
                                                                                                                                                                                                        2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                                        3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                                          Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00089.html b/docs/cce/umn/cce_faq_00089.html
index 70c3fac26..59354d9f8 100644
--- a/docs/cce/umn/cce_faq_00089.html
+++ b/docs/cce/umn/cce_faq_00089.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                                                                        Can I Create a CCE Node Without Adding a Data Disk to the Node?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        No. A data disk is mandatory.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        A data disk dedicated for kubelet and the container engine will be attached to a new node.  By default, CCE uses Logical Volume Manager (LVM) to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • If System Component Storage is set to System Disk, you do not need to add a data disk.
                                                                                                                                                                                                        • Data disks are required if System Component Storage is set to Data Disk.
                                                                                                                                                                                                          A data disk dedicated for kubelet and the container engine will be attached to a new node. By default, CCE uses LVM to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00097.html b/docs/cce/umn/cce_faq_00097.html
index e8d8481fd..8213eb070 100644
--- a/docs/cce/umn/cce_faq_00097.html
+++ b/docs/cce/umn/cce_faq_00097.html
@@ -8,10 +8,10 @@
 
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        • ECSs can be managed.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        The cloud servers to be managed must meet the following requirements:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                                        • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                                        • Only cloud servers with the same data disk configurations can be added in batches.
                                                                                                                                                                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                                                                                                                                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                                                                                                                        • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                                                                                                                        • Data disks must be attached to the nodes to be managed if the system components of these nodes are separately stored. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                                                                                                                        • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                                                                                                                        • Only cloud servers with the same data disk configuration can be accepted in batches for management.
                                                                                                                                                                                                        • If IPv6 is enabled for a cluster, only nodes in a subnet with IPv6 enabled can be accepted and managed. If IPv6 is not enabled for the cluster, only nodes in a subnet without IPv6 enabled can be accepted.
                                                                                                                                                                                                        • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node flavors, see the node flavors that can be selected on the console when you create a node. 
                                                                                                                                                                                                        • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        View the cluster log information to locate the failure cause and rectify the fault.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Log in to the CCE console. In the navigation pane, click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                        2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                        3. Rectify the fault based on the error information and accept the node into a cluster again.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                        2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                        3. Rectify the fault based on the error information and accept the node into a cluster again.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Common Issues
                                                                                                                                                                                                        If a node fails to be managed, a message will be displayed, indicating that the disk partitioning does not work:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Install config-prepare failed: exit status 1, output: [ Mon Jul 17 14:26:10 CST 2023 ] start install config-prepare\nNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT\nsda 8:0 0 40G 0 disk \n└─sda1 8:1 0 40G 0 part /\nsdb 8:16 0 100G 0 disk \n└─sdb1 8:17 0 100G 0 part
diff --git a/docs/cce/umn/cce_faq_00098.html b/docs/cce/umn/cce_faq_00098.html
index 6f9ad4bb9..448ca7654 100644
--- a/docs/cce/umn/cce_faq_00098.html
+++ b/docs/cce/umn/cce_faq_00098.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                                                                                        What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to view events, see How Do I Use Events to Fix Abnormal Workloads?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to view events, see How Can I Find the Fault for an Abnormal Workload?
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Troubleshooting Process
                                                                                                                                                                                                        Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                                        
 
-
                                                                                                                                                                                                      Table 1 Sticky session types
                                                                                                                                                                                                      OSI Layer
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -45,8 +39,6 @@
 
                                                                                                                                                                                                       
                                                                                                                                                                                                      When creating a load balancer, configure sticky sessions by setting kubernetes.io/elb.lb-algorithm to ROUND_ROBIN or kubernetes.io/elb.lb-algorithm to LEAST_CONNECTIONS. If you set kubernetes.io/elb.lb-algorithm is to SOURCE_IP, source IP address-based sticky sessions are supported. In this case, you do not need to configure sticky sessions again.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Layer 4 Sticky Sessions for Services
                                                                                                                                                                                                      In Layer 4 mode, source IP address-based sticky sessions can be enabled, where hash routing is performed based on the client IP address.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Enabling Layer 4 Sticky Session in a CCE Standard Cluster
                                                                                                                                                                                                      In a CCE standard cluster, to enable source IP address-based sticky session for a Service, ensure the following conditions are met:
                                                                                                                                                                                                      1. Service Affinity of the Service must be set to Node-level, where the externalTrafficPolicy value of the Service must be Local.
                                                                                                                                                                                                      2. Anti-affinity has been enabled on the backend applications of the Service to prevent all pods from being deployed on the same node.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      
@@ -109,13 +101,14 @@ spec:
       port: 80
       protocol: TCP
   type: LoadBalancer
-
                                                                                                                                                                                                    14. Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.
                                                                                                                                                                                                      15. 
+
                                                                                                                                                                                                    15. Check whether the Layer 4 sticky session function is enabled.
                                                                                                                                                                                                      1. Log in to the ELB console, locate the row containing the target load balancer, and click the listener name.
                                                                                                                                                                                                      2. Check whether the sticky session function is enabled in the backend server group.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      16. 
 
                                                                                                                                                                                                      Enabling Layer 4 Sticky Session in a CCE Turbo Cluster
                                                                                                                                                                                                      In a CCE Turbo cluster, enabling source IP address-based sticky session for a Service relies on the load balancer type.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling source IP address-based sticky session for the Service.
                                                                                                                                                                                                      • When a shared load balancer is used, to enable source IP address-based sticky session for a Service, ensure the following conditions are met:
                                                                                                                                                                                                        1. Service Affinity of the Service must be set to Node-level, where the externalTrafficPolicy value of the Service must be Local.
                                                                                                                                                                                                        2. Anti-affinity has been enabled on the backend applications of the Service to prevent all pods from being deployed on the same node.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling source IP address-based sticky session for the Service.
                                                                                                                                                                                                      • If a shared load balancer is used, sticky session cannot be enabled.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • For dedicated load balancers
                                                                                                                                                                                                        The following shows an example YAML file for configuring source IP address-based sticky sessions for a Service that uses an existing load balancer:
                                                                                                                                                                                                        apiVersion: v1
+
                                                                                                                                                                                                        • For dedicated load balancers
                                                                                                                                                                                                          The following shows an example YAML file for configuring source IP address-based sticky sessions for a Service that uses an existing load balancer:
                                                                                                                                                                                                          apiVersion: v1
 kind: Service
 metadata:
   name: svc-example
@@ -128,7 +121,7 @@ metadata:
 spec:
   selector: 
     app: nginx
-  externalTrafficPolicy: Local     # In CCE Turbo clusters, Service affinity does not need to be configured if a dedicated load balancer is used.
+  externalTrafficPolicy: Cluster     # In CCE Turbo clusters, Service affinity does not need to be configured if a dedicated load balancer is used.
   ports:
     - name: cce-service-0
       targetPort: 80
@@ -137,74 +130,15 @@ spec:
       protocol: TCP
   type: LoadBalancer
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                      • For shared load balancers
                                                                                                                                                                                                        1. Create an Nginx workload.
                                                                                                                                                                                                          Set the number of pods to 3 and configure podAntiAffinity.
                                                                                                                                                                                                          kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: nginx
-  namespace: default
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:perl'
-          resources:
-            limits:
-              cpu: 250m
-              memory: 512Mi
-            requests:
-              cpu: 250m
-              memory: 512Mi
-      imagePullSecrets:
-        - name: default-secret
-      affinity:
-        podAntiAffinity:                   # Pod anti-affinity
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - nginx
-              topologyKey: kubernetes.io/hostname
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Verify that the Layer 4 sticky session function is enabled.
                                                                                                                                                                                                          1. Log in to the ELB console, locate the row containing the target load balancer, and click the listener name.
                                                                                                                                                                                                          2. Check whether the sticky session function is enabled in the backend server group.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Create a LoadBalancer Service. The following shows an example YAML file for configuring source IP address-based sticky sessions for a Service that uses an existing load balancer:
                                                                                                                                                                                                          apiVersion: v1
-kind: Service
-metadata:
-  name: svc-example
-  namespace: default
-  annotations:
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.id: *****
-    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN      # Weighted round robin allocation policy
-    kubernetes.io/elb.session-affinity-mode: SOURCE_IP    # Enable source IP address-based sticky session.
-spec:
-  selector: 
-    app: nginx
-  externalTrafficPolicy: Local    # Node level Service affinity
-  ports:
-    - name: cce-service-0
-      targetPort: 80
-      nodePort: 32633
-      port: 80
-      protocol: TCP
-  type: LoadBalancer
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        3. Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
+
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Layer 7 Sticky Sessions for Ingresses
                                                                                                                                                                                                      In Layer 7 mode, sticky sessions can be enabled using HTTP cookies or application cookies.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Enabling Layer 7 Sticky Session in a CCE Standard Cluster
                                                                                                                                                                                                      To enable cookie-based sticky session on an ingress, ensure the following conditions are met:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Service Affinity of the ingress must be set to Node-level, where the externalTrafficPolicy value of the Service must be Local.
                                                                                                                                                                                                      2. Anti-affinity must be enabled for the ingress workload to prevent all pods from being deployed on the same node.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Create an Nginx workload.
                                                                                                                                                                                                        Set the number of pods to 3 and configure podAntiAffinity.
                                                                                                                                                                                                        kind: Deployment
+
                                                                                                                                                                                                        1. Create an Nginx workload.
                                                                                                                                                                                                          Set the number of pods to 3 and configure podAntiAffinity.
                                                                                                                                                                                                          kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: nginx
@@ -264,6 +198,8 @@ spec:
   externalTrafficPolicy: Local   # Node level Service affinity
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          You can also select APP_COOKIE.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          Only shared load balancers support application cookie-based sticky sessions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          apiVersion: v1
 kind: Service
 metadata:
@@ -273,8 +209,18 @@ metadata:
     kubernetes.io/elb.lb-algorithm: ROUND_ROBIN      # Weighted round robin allocation policy
     kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
     kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
-...
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
+spec:
+  selector:
+    app: nginx
+  ports:
+    - name: cce-service-0
+      protocol: TCP
+      port: 80
+      targetPort: 80
+      nodePort: 32633            # Custom node port
+  type: NodePort
+  externalTrafficPolicy: Local   # Node level Service affinity
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -298,13 +244,14 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        4. Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Verify that the Layer 7 sticky session function is enabled.
                                                                                                                                                                                                        1. Log in to the ELB console, locate the row containing the target load balancer, and click the listener name.
                                                                                                                                                                                                        2. Click the Forwarding Policies tab, click the backend server group name, and check whether sticky session is enabled for it.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Enabling Layer 7 Sticky Session in a CCE Turbo Cluster
                                                                                                                                                                                                      Enable cookie-based sticky session on the ingress.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling cookie-based sticky session for the ingress.
                                                                                                                                                                                                      • When a shared load balancer is used, to enable cookie-based sticky session for an ingress, ensure the following conditions are met:
                                                                                                                                                                                                        1. Service Affinity of the ingress must be set to Node-level, where the externalTrafficPolicy value of the Service must be Local.
                                                                                                                                                                                                        2. Anti-affinity must be enabled for the ingress workload to prevent all pods from being deployed on the same node.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • When a dedicated load balancer is used, passthrough networking is allowed between the load balancer and pods, and pods function as the backend server group of the load balancer. Therefore, you do not need to configure Service affinity or application anti-affinity when enabling cookie-based sticky session for the ingress.
                                                                                                                                                                                                      • If a shared load balancer is used, sticky session cannot be enabled.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • For dedicated load balancers
                                                                                                                                                                                                        1. Create a Service for the workload. In a CCE Turbo cluster, the ingresses that use a dedicated load balancer must interconnect with ClusterIP Services.
                                                                                                                                                                                                          Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.
                                                                                                                                                                                                          apiVersion: v1
+
                                                                                                                                                                                                          • For dedicated load balancers
                                                                                                                                                                                                            1. Create a Service for the workload. In a CCE Turbo cluster, the ingresses that use a dedicated load balancer must interconnect with ClusterIP Services.
                                                                                                                                                                                                              Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.
                                                                                                                                                                                                              apiVersion: v1
 kind: Service
 metadata:
   name: nginx
@@ -324,18 +271,7 @@ spec:
       nodePort: 0
   type: ClusterIP
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              You can also select APP_COOKIE.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  namespace: default
-  annotations:
-    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN      # Weighted round robin allocation policy
-    kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
-    kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
-...
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                              apiVersion: networking.k8s.io/v1
+
                                                                                                                                                                                                            3. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                              apiVersion: networking.k8s.io/v1
 kind: Ingress 
 metadata: 
   name: ingress-test
@@ -359,103 +295,10 @@ spec:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
   ingressClassName: cce
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            4. Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                      • For shared load balancers
                                                                                                                                                                                                        1. Create an Nginx workload.
                                                                                                                                                                                                          Set the number of pods to 3 and configure podAntiAffinity.
                                                                                                                                                                                                          kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: nginx
-  namespace: default
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:perl'
-          resources:
-            limits:
-              cpu: 250m
-              memory: 512Mi
-            requests:
-              cpu: 250m
-              memory: 512Mi
-      imagePullSecrets:
-        - name: default-secret
-      affinity:
-        podAntiAffinity:                   # Pod anti-affinity
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - nginx
-              topologyKey: kubernetes.io/hostname
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Create a Service for the workload. In a CCE Turbo cluster, the ingresses that use a shared load balancer must interconnect with NodePort Services.
                                                                                                                                                                                                          Configure sticky sessions during the creation of a Service. An ingress can access multiple Services, and each Service can have different sticky sessions.
                                                                                                                                                                                                          apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  namespace: default
-  annotations:
-    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN      # Weighted round robin allocation policy
-    kubernetes.io/elb.session-affinity-mode: HTTP_COOKIE      # HTTP cookie
-    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout":"1440"}'   # Session stickiness duration, in minutes. The value ranges from 1 to 1440.
-spec:
-  selector:
-    app: nginx
-  ports:
-    - name: cce-service-0
-      protocol: TCP
-      port: 80
-      targetPort: 80
-      nodePort: 32633            # Custom node port
-  type: NodePort
-  externalTrafficPolicy: Local   # Node level Service affinity
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          You can also select APP_COOKIE.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  namespace: default
-  annotations:
-    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN      # Weighted round robin allocation policy
-    kubernetes.io/elb.session-affinity-mode: APP_COOKIE     # Select APP_COOKIE.
-    kubernetes.io/elb.session-affinity-option: '{"app_cookie_name":"test"}'  # Application cookie name
-...
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        3. Create an ingress and associate it with the Service. The following uses an existing load balancer as an example. For details about how to automatically create a load balancer, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                          apiVersion: networking.k8s.io/v1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  namespace: default
-  annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.port: '80'
-    kubernetes.io/elb.id: *****
-spec:
-  rules: 
-  - host: 'www.example.com'
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          service:
-            name: nginx     # Service name
-            port: 
-              number: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-        pathType: ImplementationSpecific
-  ingressClassName: cce
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        4. Log in to the ELB console and click the target load balancer. In the backend server group of the listener, check whether sticky session is enabled.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    16. Verify that the Layer 7 sticky session function is enabled.
                                                                                                                                                                                                      1. Log in to the ELB console, locate the row containing the target load balancer, and click the listener name.
                                                                                                                                                                                                      2. Click the Forwarding Policies tab, click the backend server group name, and check whether sticky session is enabled for it.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      17. 
+
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0024.html b/docs/cce/umn/cce_bestpractice_0024.html
index 425e7464b..a456badde 100644
--- a/docs/cce/umn/cce_bestpractice_0024.html
+++ b/docs/cce/umn/cce_bestpractice_0024.html
@@ -26,7 +26,7 @@ Run `velero backup describe wordpress-backup` or `velero backup logs wordpress-b
 wordpress-backup   Completed   0        0          2021-10-14 15:32:07 +0800 CST   29d       default            <none>
 
                                                                                                                                                                                                      In addition, you can go to the object bucket to view the backup files. The backups path is the application resource backup path, and the other is the PV data backup path.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Restoring Applications in the Target Cluster
                                                                                                                                                                                                      The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00253.html b/docs/cce/umn/cce_bestpractice_00253.html
index a3ff084b2..b0d09513e 100644
--- a/docs/cce/umn/cce_bestpractice_00253.html
+++ b/docs/cce/umn/cce_bestpractice_00253.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                                                      Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Background
                                                                                                                                                                                                      The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Background
                                                                                                                                                                                                      The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Constraints
                                                                                                                                                                                                      • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                      • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                      • Kata containers are not supported.
                                                                                                                                                                                                      • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                      • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                                        Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Constraints
                                                                                                                                                                                                        • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                        • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                        • Kata containers are not supported.
                                                                                                                                                                                                        • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                        • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                                          Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                                        1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                        2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                          The following is an example:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                                                          Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                                          1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                          2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                            The following is an example:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
@@ -29,16 +29,16 @@ parameters:
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In this example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • name: indicates the name of the StorageClass.
                                                                                                                                                                                                            • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                              • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                              • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                                mountOptions:
+
                                                                                                                                                                                                                In this example:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • name: indicates the name of the StorageClass.
                                                                                                                                                                                                                • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                                  • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                                  • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                                    mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                                                • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                                • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                                • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                                • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                                • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                                • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                                • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                          1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                          2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                            The following is an example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            apiVersion: v1
+
                                                                                                                                                                                                          3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                                          4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                          5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                          6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                          7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                          8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                          9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                          10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                      2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: sfs-turbo-test
@@ -51,13 +51,13 @@ spec:
       storage: 50Gi
   storageClassName: sfsturbo-subpath-sc
   volumeMode: Filesystem
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: indicates the name of the PVC.
                                                                                                                                                                                                        • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                        • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                                           
                                                                                                                                                                                                          The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • name: indicates the name of the PVC.
                                                                                                                                                                                                          • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                          • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                                             
                                                                                                                                                                                                            The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                      1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                                                      1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        apiVersion: apps/v1
+
                                                                                                                                                                                                        Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                                                        1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                          The following is an example:
                                                                                                                                                                                                          apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-turbo-subpath-example
@@ -89,13 +89,13 @@ spec:
         persistentVolumeClaim: 
           claimName: sfs-turbo-test
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • name: indicates the name of the created workload.
                                                                                                                                                                                                          • image: specifies the image used by the workload.
                                                                                                                                                                                                          • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                          • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        1. Create the Deployment.
                                                                                                                                                                                                          kubectl create -f deployment-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • name: indicates the name of the created workload.
                                                                                                                                                                                                          • image: specifies the image used by the workload.
                                                                                                                                                                                                          • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                          • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        1. Create the Deployment.
                                                                                                                                                                                                          kubectl create -f deployment-test.yaml
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                                                        1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                          The following is an example:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          apiVersion: apps/v1
+
                                                                                                                                                                                                          Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                                                          1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                            The following is an example:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: test-turbo-subpath
@@ -151,15 +151,15 @@ spec:
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In this example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                            • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                                                            • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          1. Create the StatefulSet.
                                                                                                                                                                                                            kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            In this example:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                            • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                                                            • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          1. Create the StatefulSet.
                                                                                                                                                                                                            kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Parent topic: SFS Turbo
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Storage
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_bestpractice_00253_0.html b/docs/cce/umn/cce_bestpractice_00253_0.html
index 8d5b44b0e..58192ce19 100644
--- a/docs/cce/umn/cce_bestpractice_00253_0.html
+++ b/docs/cce/umn/cce_bestpractice_00253_0.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                                                        Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Background
                                                                                                                                                                                                        The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Background
                                                                                                                                                                                                        The minimum capacity of an SFS Turbo file system is 500 GiB. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Constraints
                                                                                                                                                                                                        • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                        • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                        • Kata containers are not supported.
                                                                                                                                                                                                        • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                        • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                                          Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Constraints
                                                                                                                                                                                                          • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                          • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                          • Kata containers are not supported.
                                                                                                                                                                                                          • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                          • A subPath volume is a subdirectory of an SFS Turbo file system. Increasing the capacity of a PVC of this type only changes the resource range specified by the PVC, but does not change the total capacity of the SFS Turbo file system. If the SFS Turbo file system's total resource capacity is not enough, the available capacity of the subPath volume will be restricted. To fix this, you must increase the resource capacity of the SFS Turbo file system on the SFS Turbo console.
                                                                                                                                                                                                            Deleting the subPath volume does not result in the deletion of the resources of the SFS Turbo file system.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                                          1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                          2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                            The following is an example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            apiVersion: storage.k8s.io/v1
+
                                                                                                                                                                                                            Creating an SFS Turbo Volume of the subPath Type
                                                                                                                                                                                                            1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                            2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                              The following is an example:
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
@@ -29,16 +29,16 @@ parameters:
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              In this example:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              • name: indicates the name of the StorageClass.
                                                                                                                                                                                                              • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                                • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                                • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                                  mountOptions:
+
                                                                                                                                                                                                                  In this example:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • name: indicates the name of the StorageClass.
                                                                                                                                                                                                                  • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                                    • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                                    • Starting from everest 1.2.8, more mount options are supported. For details, see Configuring SFS Volume Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                                      mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  • everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                                                  • everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                                  • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                                  • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                                  • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                                  • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                                  • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                                  • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                            1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                            2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                              The following is an example:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              apiVersion: v1
+
                                                                                                                                                                                                            3. everest.io/volume-as: This parameter is set to subpath to use the subPath volume.
                                                                                                                                                                                                            4. everest.io/share-access-to: This parameter is optional. In a subPath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                            5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                            6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                            7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                            8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                            9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                            10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                      2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: sfs-turbo-test
@@ -51,13 +51,13 @@ spec:
       storage: 50Gi
   storageClassName: sfsturbo-subpath-sc
   volumeMode: Filesystem
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: indicates the name of the PVC.
                                                                                                                                                                                                        • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                        • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                                           
                                                                                                                                                                                                          The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • name: indicates the name of the PVC.
                                                                                                                                                                                                          • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                          • storage: In a subPath volume, modifying the value of this parameter does not impact the resource capacity of the SFS Turbo file system. A subPath volume is essentially a file path within an SFS Turbo file system. As a result, increasing the capacity of the subPath volume in a PVC does not lead to an increase in the resources of the SFS Turbo file system.
                                                                                                                                                                                                             
                                                                                                                                                                                                            The capacity of a subPath volume is restricted by the overall resource capacity of the corresponding SFS Turbo file system. If the resources of the SFS Turbo file system are inadequate, you can adjust the resource capacity via the SFS Turbo console.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                      1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                                                      1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        apiVersion: apps/v1
+
                                                                                                                                                                                                        Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                                                        1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                          The following is an example:
                                                                                                                                                                                                          apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-turbo-subpath-example
@@ -89,13 +89,13 @@ spec:
         persistentVolumeClaim: 
           claimName: sfs-turbo-test
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • name: indicates the name of the created workload.
                                                                                                                                                                                                          • image: specifies the image used by the workload.
                                                                                                                                                                                                          • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                          • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        1. Create the Deployment.
                                                                                                                                                                                                          kubectl create -f deployment-test.yaml
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In this example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • name: indicates the name of the created workload.
                                                                                                                                                                                                          • image: specifies the image used by the workload.
                                                                                                                                                                                                          • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                          • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        1. Create the Deployment.
                                                                                                                                                                                                          kubectl create -f deployment-test.yaml
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                                                        1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                          The following is an example:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          apiVersion: apps/v1
+
                                                                                                                                                                                                          Dynamically Creating a subPath Volume for a StatefulSet
                                                                                                                                                                                                          1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                            The following is an example:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: test-turbo-subpath
@@ -151,15 +151,15 @@ spec:
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In this example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                            • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                                                            • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          1. Create the StatefulSet.
                                                                                                                                                                                                            kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            In this example:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • name: indicates the name of the created workload.
                                                                                                                                                                                                            • image: specifies the image used by the workload.
                                                                                                                                                                                                            • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                            • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they have a mapping relationship.
                                                                                                                                                                                                            • storageClassName: specifies the name of an on-premises StorageClass.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          1. Create the StatefulSet.
                                                                                                                                                                                                            kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Parent topic: Storage
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: SFS Turbo
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_bestpractice_00254.html b/docs/cce/umn/cce_bestpractice_00254.html
index 1c869aef3..4edf227e8 100644
--- a/docs/cce/umn/cce_bestpractice_00254.html
+++ b/docs/cce/umn/cce_bestpractice_00254.html
@@ -9,13 +9,13 @@
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        When performing O&M on Kubernetes clusters, it is often necessary to switch between multiple clusters. The following shows some typical solutions for cluster switchover:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • Solution 1: Specify --kubeconfig of kubectl to select the kubeconfig file used by each cluster and use aliases to simplify commands.
                                                                                                                                                                                                        • Solution 2: Combine clusters, users, and credentials in multiple kubeconfig files into one configuration file and run kubectl config use-context to switch clusters.
                                                                                                                                                                                                          Compared with solution 1, this solution requires manual configuration of the kubeconfig file, which is relatively complex.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • You have a Linux VM with the kubectl command line tool installed. The kubectl version must match the cluster version. For details, see Install Tools.
                                                                                                                                                                                                        • The VM where kubectl is installed must be able to access the network of each cluster.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        kubeconfig File Structure
                                                                                                                                                                                                        kubeconfig is the configuration file of kubectl. You can download it on the cluster details page.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The content of the kubeconfig file is as follows:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        {
     "kind": "Config",
diff --git a/docs/cce/umn/cce_bestpractice_00281.html b/docs/cce/umn/cce_bestpractice_00281.html
index 43fad57b3..fc4a36ce5 100644
--- a/docs/cce/umn/cce_bestpractice_00281.html
+++ b/docs/cce/umn/cce_bestpractice_00281.html
@@ -21,7 +21,7 @@ spec:
 
                                                                                                                                                                                                        • Set storageClassName only, which is simpler than specifying the EVS disk type by using everest.io/disk-volume-type.
                                                                                                                                                                                                        • Avoid modifying YAML files or Helm charts. Some users switch from self-built or other Kubernetes services to CCE and have written YAML files of many applications. In these YAML files, different types of storage resources are specified by different StorageClassNames. When using CCE, they need to modify a large number of YAML files or Helm charts to use storage resources, which is labor-consuming and error-prone.
                                                                                                                                                                                                        • Set the default storageClassName for all applications to use the default storage class. In this way, you can create storage resources of the default type without needing to specify storageClassName in the YAML file.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        This section describes how to set a custom storage class in CCE and how to set the default storage class. You can specify different types of storage resources by setting storageClassName.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • For the second scenario, you can define a storage class with the same name as that in the existing YAML file without needing to modify storageClassName in the YAML file.
                                                                                                                                                                                                          • For the third scenario, you can set the default storage class as described below to create storage resources without specifying storageClassName in YAML files.
                                                                                                                                                                                                            apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -35,8 +35,8 @@ spec:
       storage: 10Gi
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        CCE Default Storage Classes
                                                                                                                                                                                                        As of now, CCE provides storage classes such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a storageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Run the following kubectl command to obtain the storage classes that CCE supports. Use the CSI add-on provided by CCE to create a storage class.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating a StorageClass Using a YAML File
                                                                                                                                                                                                        As of now, CCE provides StorageClasses such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a StorageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Run the following kubectl command to obtain the StorageClasses that CCE supports. Use the CSI add-on provided by CCE to create a StorageClass.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d          # EVS disk
@@ -44,14 +44,14 @@ csi-disk-topology   everest-csi-provisioner         17d          # EVS disks cre
 csi-nas             everest-csi-provisioner         17d          # SFS 1.0
 csi-obs             everest-csi-provisioner         17d          # OBS
 csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Each storage class contains the default parameters used for dynamically creating a PV. The following is an example of storage class for EVS disks:
                                                                                                                                                                                                        kind: StorageClass
+
                                                                                                                                                                                                        Each StorageClass contains the default parameters used for dynamically creating a PV. The following is an example of StorageClass for EVS disks:
                                                                                                                                                                                                        kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: csi-disk
 provisioner: everest-csi-provisioner
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
-csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
+  csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to xfs or ext4. If it is left blank, ext4 will be used by default.
   everest.io/disk-volume-type: SAS
   everest.io/passthrough: 'true'
 reclaimPolicy: Delete
@@ -77,18 +77,18 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                                                      
-
-
+
+
+
+
+
+
@@ -28,7 +39,7 @@
 
-
@@ -61,7 +72,7 @@
 
-
@@ -156,8 +167,11 @@
 
                                                                                                                                                                                                      Phases of CCE Cluster Versions
                                                                                                                                                                                                      • In commercial use: The cluster version has been fully verified and is stable and reliable. You can use clusters of this version in the production environment, and the CCE SLA is valid for such clusters.
                                                                                                                                                                                                      • EOS: After the cluster version EOS, CCE does not support the creation of new clusters or provide technical support including new feature updates, vulnerability or issue fixes, new patches, work order guidance, and online checks for the EOS cluster version. The CCE SLA is not valid for such clusters.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Cluster Versions
                                                                                                                                                                                                      CCE clusters are updated according to the versions available in the Kubernetes community. This means that a CCE cluster version is made up of both the Kubernetes community version number and the CCE patch version number. The CCE cluster version is in the format for vX.Y.Z-rN, such as v1.28.2-r0.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • A Kubernetes version is in the format of X.Y, which inherits the community version policy. The major Kubernetes version is represented by X, while the minor Kubernetes version is represented by Y. For details, see the Kubernetes version policies. 
                                                                                                                                                                                                      • A CCE patch version is in the format of Z-rN, for example, v1.28. New patches are released on an irregular basis for Kubernetes versions that are still in the maintenance period. If a new patch version offers new features that were not present in the previous version, the Z number will increase. If a new patch version provides bug fixes, vulnerability fixes, or scenario optimization compared to the previous version, the N number will increase. 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      CCE Cluster Versions
                                                                                                                                                                                                      CCE clusters are updated according to the versions available in the Kubernetes community. This means that a CCE cluster version is made up of both the Kubernetes community version number and the CCE patch version number. The CCE cluster version is in the format for vX.Y.Z-rN, such as v1.30.4-r0.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • A Kubernetes version is in the format of X.Y.Z, which inherits the community version policy. The major Kubernetes version is represented by X, the minor Kubernetes version is represented by Y, and the Kubernetes patch version is represented by Z. For details, see the Kubernetes version policies. For details about the Kubernetes versions supported by CCE, see Kubernetes Version Release Notes.
                                                                                                                                                                                                      • A CCE patch version is in the format of, for example, v1.30.4-rN. New patches are released on an irregular basis for Kubernetes versions that are still in the maintenance period. If a new patch version provides new features, bug fixes, vulnerability fixes, or scenario optimizations compared with the previous version, the N version number increases. For details about the patch versions, see Patch Versions.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cluster Upgrade
                                                                                                                                                                                                      Periodically upgrade CCE clusters for better user experience. Using an EOS version, you cannot obtain technical support and CCE SLA assurance. Upgrade CCE clusters in a timely manner.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      On the CCE console, you can easily upgrade clusters in a visualized manner, improving the stability and reliability of clusters. For details, see Upgrade Overview.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bulletin_0058.html b/docs/cce/umn/cce_bulletin_0058.html
index 242ce3077..c1228642d 100644
--- a/docs/cce/umn/cce_bulletin_0058.html
+++ b/docs/cce/umn/cce_bulletin_0058.html
@@ -11,7 +11,7 @@
 
                                                                                                                                                                                                    17. The EndPort in the network policy moves to stable.
                                                                                                                                                                                                      EndPort in Network Policy is stable. This feature is incorporated in version 1.21. EndPort is added to NetworkPolicy. You can specify a port range.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    18. Local ephemeral storage capacity isolation is stable.
                                                                                                                                                                                                      This feature provides support for capacity isolation of local ephemeral storage between pods, such as EmptyDir. If a pod's consumption of shared resources exceeds the limit, it will be evicted.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    19. Local ephemeral storage capacity isolation is stable.
                                                                                                                                                                                                      This feature provides support for capacity isolation of local ephemeral storage between pods, such as emptyDir. If a pod's consumption of shared resources exceeds the limit, it will be evicted.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    20. The CRD verification expression language moves to beta.
                                                                                                                                                                                                      This makes it possible to declare how to validate custom resources using CEL. For details, see Extend the Kubernetes API with CustomResourceDefinitions.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    21. KMS v2 APIs are introduced.
                                                                                                                                                                                                      The KMS v2 alpha1 API is introduced to add performance, rotation, and observability improvements. This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    22. Pod network readiness is introduced.
                                                                                                                                                                                                      Kubernetes 1.25 introduces Alpha support for PodHasNetwork. This status is in the status field of the pod. For details, see Pod network readiness.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bulletin_0061.html b/docs/cce/umn/cce_bulletin_0061.html
deleted file mode 100644
index c38a1c7c7..000000000
--- a/docs/cce/umn/cce_bulletin_0061.html
+++ /dev/null
@@ -1,131 +0,0 @@
-
-
-
                                                                                                                                                                                                      CCE Console Upgrade
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Released: Sep 3, 2023
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Dear users,
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      We are pleased to announce that a brand-new CCE console is available. The new console is modern, visually appealing, and concise, providing a more comfortable and enjoyable user experience.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      We have optimized the UI, including the colors, fonts, and icons. This makes the entire console clearer and easier to operate. Additionally, we have added some new interaction pages to help you use your clusters more efficiently and conveniently.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      We believe that the new CCE console will improve your user experience. If you have any questions or suggestions, feel free to contact our customer service. Thank you for your support and trust.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The upgrade involves the following:
                                                                                                                                                                                                      
-
-
                                                                                                                                                                                                      Optimized Cluster Management Page
                                                                                                                                                                                                      The cluster management page has been optimized:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • New cluster classification
                                                                                                                                                                                                        The CCE service is upgraded. It now provides CCE standard and CCE Turbo clusters. The original CCE clusters are renamed the CCE standard clusters. This kind of cluster is not a new cluster type.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • New design of the cluster panes
                                                                                                                                                                                                        Cluster panes are now simpler and more practical. The button icons on the original cluster panes are canceled. All entries are labeled in words, and infrequently used buttons are hidden.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • New classification of cluster functions
                                                                                                                                                                                                        The Resources and O&M categories in the navigation pane of the cluster console have been removed. The new categories are classified based on the Kubernetes native functions and the CCE cluster management and O&M observation functions.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      New Cluster Settings Page
                                                                                                                                                                                                      This is a brand-new page for cluster settings that provides a unified portal for configuring the control plane in an efficient and convenient manner.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      More capabilities will be added to the Settings page. Stay tuned for more.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Optimized Add-ons Page
                                                                                                                                                                                                      CCE has made the following changes to the Add-ons page:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • The classification of CCE add-ons is now more concise, helping you quickly locate the needed add-ons.
                                                                                                                                                                                                      • The new add-on names and introductions will help you understand the scenarios where these add-ons can be used and provide effective usage guidance.
                                                                                                                                                                                                      
-
-
                                                                                                                                                                                                      23. Table 1 Sticky session types
                                                                                                                                                                                                      OSI Layer
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Listener Protocol and Networking
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Listener Protocol and Networking
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Sticky Session Type
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Sticky Session Type
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Stickiness Duration
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Scenarios Where Sticky Sessions Become Invalid
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Scenarios Where Sticky Sessions Become Invalid
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Layer 4
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Layer 4
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      TCP- or UDP-compliant Services
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      TCP- or UDP-compliant Services
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Source IP address: The source IP address of each request is calculated using the consistent hashing algorithm to obtain a unique hashing key, and all backend servers are numbered. The system allocates the client to a particular server based on the generated key. This allows requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Source IP address: The source IP address of each request is calculated using the consistent hashing algorithm to obtain a unique hashing key, and all backend servers are numbered. The system allocates the client to a particular server based on the generated key. This allows requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Default: 20 minutes
                                                                                                                                                                                                      • Maximum: 60 minutes
                                                                                                                                                                                                      • Range: 1 minute to 60 minutes
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Source IP addresses of the clients have changed.
                                                                                                                                                                                                      • Requests from the clients exceed the session stickiness duration.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Source IP addresses of the clients have changed.
                                                                                                                                                                                                      • Requests from the clients exceed the session stickiness duration.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Layer 7
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Layer 7
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      HTTP- or HTTPS-compliant ingresses
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      HTTP- or HTTPS-compliant ingresses
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Load balancer cookie: The load balancer generates a cookie after receiving a request from the client. All subsequent requests with the cookie will be routed to the same backend server.
                                                                                                                                                                                                      • Application cookie: The application deployed on the backend server generates a cookie after receiving the first request from the client. All subsequent requests with the same cookie will be routed to the same backend server.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Load balancer cookie: The load balancer generates a cookie after receiving a request from the client. All subsequent requests with the cookie will be routed to the same backend server.
                                                                                                                                                                                                      • Application cookie: The application deployed on the backend server generates a cookie after receiving the first request from the client. All subsequent requests with the same cookie will be routed to the same backend server.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Default: 20 minutes
                                                                                                                                                                                                      • Maximum: 1440 minutes
                                                                                                                                                                                                      • Range: 1 minute to 1440 minutes
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • If requests sent by the clients do not contain a cookie, sticky sessions will not take effect.
                                                                                                                                                                                                      • Requests from the clients exceed the session stickiness duration.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • If requests sent by the clients do not contain a cookie, sticky sessions will not take effect.
                                                                                                                                                                                                      • Requests from the clients exceed the session stickiness duration.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
                                                                                                                                                                                                       
 
 
 
 
 
 
 
 
 
 
 
                                                                                                                                                                                                      reclaimPolicy
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Delete: indicates that a dynamically created PV will be automatically deleted when the PVC is deleted.
                                                                                                                                                                                                      • Retain: indicates that a dynamically created PV will be retained when the PVC is deleted.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Delete: When a PVC is deleted, its associated underlying storage resources will be deleted and the PV resources will be removed. Exercise caution if you select this option.
                                                                                                                                                                                                      • Retain: When a PVC is deleted, both of the PV and its associated underlying storage resources will be retained and the PV is marked as released. If you manually delete the PV afterwards, the underlying storage resources will not be deleted. To bind the PV to a new PVC, you need to remove the original binding information from the PV.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      allowVolumeExpansion
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Specifies whether the PV of this StorageClass supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      volumeBindingMode
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Immediate: PV binding and dynamic creation are completed when a PVC is created.
                                                                                                                                                                                                      • WaitForFirstConsumer: PV binding and creation are delayed. The PV creation and binding processes are executed only when the PVC is used in the workload.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Immediate: After a PVC is created, the storage resources and PV will be created and associated with the PVC without delay.
                                                                                                                                                                                                      • WaitForFirstConsumer: After a PVC is created, it will not be immediately bound to a PV. Instead, the storage resources and PV will be generated and bound to the PVC only after the pod that requires the PVC is scheduled.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      mountOptions
                                                                                                                                                                                                      
@@ -102,22 +102,22 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
-
-
-
-
@@ -127,7 +127,7 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                       
@@ -148,9 +148,9 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
 
-
-
@@ -181,21 +181,21 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
                                                                                                                                                                                                      No
                                                                                                                                                                                                      
 
                                                                                                                                                                                                       
-
-
-
@@ -232,14 +232,14 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
 
-
-
-
@@ -256,7 +256,7 @@ csi.storage.k8s.io/fstype: ext4    # (Optional) Set the file system type to 
 
-
diff --git a/docs/cce/umn/cce_bestpractice_00282.html b/docs/cce/umn/cce_bestpractice_00282.html
index 89fa253b0..f578e162f 100644
--- a/docs/cce/umn/cce_bestpractice_00282.html
+++ b/docs/cce/umn/cce_bestpractice_00282.html
@@ -6,9 +6,9 @@
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                                                      Figure 1 HPA and CA working flows
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                                                      Figure 1 HPA and CA working flows
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Using HPA and CA enables automatic scaling for most scenarios while also providing monitoring capabilities.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Preparations
                                                                                                                                                                                                      1. Create a cluster with one node. The node should have 2 cores of vCPUs and 4 GiB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                                                                                                        
@@ -29,7 +29,7 @@ RUN chmod a+rx index.php
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    23. Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                                                                                      docker build -t hpa-example:latest .
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    24. (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner.
                                                                                                                                                                                                      Skip this step if you already have an organization.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    25. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                                                    26. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                                                    27. Tag the hpa-example image.
                                                                                                                                                                                                      docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    28. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                                                    29. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                                                    30. Tag the hpa-example image.
                                                                                                                                                                                                      docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                                                                                      • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                                                                                      • {Organization name}: name of the created organization.
                                                                                                                                                                                                      • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The following is an example:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                                                                                      
@@ -45,9 +45,9 @@ latest: digest: sha256:eb7e3bbd*** size: **
 
                                                                                                                                                                                                      31. 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Creating a Node Pool and a Node Scaling Policy
                                                                                                                                                                                                      1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                                                                                      2. Configure the node pool.
                                                                                                                                                                                                        • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                                                                                        • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating a Node Pool and a Node Scaling Policy
                                                                                                                                                                                                        1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                                                                                        2. Configure the node pool.
                                                                                                                                                                                                          • Node Type: Select a node type.
                                                                                                                                                                                                          • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        3. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                                                                                          If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                                                                                          • Automatic scale-out: If this function is enabled, nodes in a node pool will be automatically added based on the cluster load.
                                                                                                                                                                                                          • Customized Rule: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                                                                                          • Automatic scale-in: If this function is enabled, nodes in a node pool will be automatically deleted based on the cluster load. For example, trigger scale-in when the node resource utilization is less than 50%.
                                                                                                                                                                                                          • AS Configuration: Modify the node quantity range. During autoscaling, the number of nodes in a node pool is always within the configured quantity range.
                                                                                                                                                                                                          • AS Object: Enable autoscaling for node specifications in a node pool.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Locate the row containing the newly created node pool and click Auto Scaling in the upper right corner. For details, see Creating a Node Scaling Policy.
                                                                                                                                                                                                          If the CCE Cluster Autoscaler add-on is not installed in the cluster, install it first. For details, see autoscaler.
                                                                                                                                                                                                          • Customize scale-out rules.: Click Add Rule. In the dialog box displayed, configure parameters. If the CPU allocation rate is greater than 70%, a node is added to each associated node pool. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle.
                                                                                                                                                                                                          • Nodes: Modify the node quantity range. The number of nodes in a node pool will always be within the range during auto scaling.
                                                                                                                                                                                                          • Cooldown Period: a period during which the nodes added in the current node pool cannot be scaled in
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        5. Click OK.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -119,7 +119,7 @@ spec:
           averageUtilization: 50
 
                                                                                                                                                                                                        Configure the parameters as follows if you are using the console.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      Observing the Auto Scaling Process
                                                                                                                                                                                                      1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                                                                                        # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -146,7 +146,7 @@ hpa-policy   Deployment/hpa-example   81%/50%    1         100       7
 hpa-policy   Deployment/hpa-example   57%/50%    1         100       7          9m16s
 hpa-policy   Deployment/hpa-example   51%/50%    1         100       7          10m
 hpa-policy   Deployment/hpa-example   58%/50%    1         100       7          11m
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in Pending state. During this period, nodes are added.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in the pending state. During this period, nodes are being scaled out.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        At 7m16s, the CPU usage decreases, indicating that the pods are successfully created and start to bear traffic. The CPU usage decreases to 81% at 8m, still greater than the target value (50%) and the high threshold (70%). Therefore, 7 pods are added at 9m16s, and the CPU usage decreases to 51%, which is within the range of 30% to 70%. From then on, the number of pods remains 7.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        # kubectl describe deploy hpa-example
@@ -213,7 +213,7 @@ Events:
 
                                                                                                                                                                                                        The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Summary
                                                                                                                                                                                                      Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Summary
                                                                                                                                                                                                      By using HPA and CA, auto scaling can be effortlessly implemented in various scenarios. Additionally, the scaling process of nodes and pods can be conveniently tracked.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00284.html b/docs/cce/umn/cce_bestpractice_00284.html
index c199bf6b3..8a5149668 100644
--- a/docs/cce/umn/cce_bestpractice_00284.html
+++ b/docs/cce/umn/cce_bestpractice_00284.html
@@ -2,10 +2,10 @@
 
 
                                                                                                                                                                                                      Scheduling EVS Disks Across AZs Using csi-disk-topology
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Background
                                                                                                                                                                                                      EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is used for StatefulSets, when a StatefulSet is scheduled, a PVC and a PV are created immediately (an EVS disk is created along with the PV), and then the PVC is bound to the PV. However, when the cluster nodes are located in multiple AZs, the EVS disk created by the PVC and the node to which the pods are scheduled may be in different AZs. As a result, the pods fail to be scheduled.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      CCE provides a storage class named csi-disk-topology, which is a late-binding EVS disk type. When you use this storage class to create a PVC, no PV will be created in pace with the PVC. Instead, the PV is created in the AZ of the node where the pod will be scheduled. An EVS disk is then created in the same AZ to ensure that the EVS disk can be attached and the pod can be successfully scheduled.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Failed Pod Scheduling Due to csi-disk Used in Cross-AZ Node Deployment
                                                                                                                                                                                                      Create a cluster with three nodes in different AZs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Use the csi-disk storage class to create a StatefulSet and check whether the workload is successfully created.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0050.html b/docs/cce/umn/cce_bestpractice_0050.html
index 69435e8c6..f57946ad9 100644
--- a/docs/cce/umn/cce_bestpractice_0050.html
+++ b/docs/cce/umn/cce_bestpractice_0050.html
@@ -7,6 +7,8 @@
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0053.html b/docs/cce/umn/cce_bestpractice_0053.html
index 8adf7788e..3a2f673c4 100644
--- a/docs/cce/umn/cce_bestpractice_0053.html
+++ b/docs/cce/umn/cce_bestpractice_0053.html
@@ -6,9 +6,9 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Expanding the Storage Space
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
-
                                                                                                                                                                                                      • Mounting an Object Storage Bucket of a Third-Party Tenant
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Mounting Object Storage Across Accounts
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
-
                                                                                                                                                                                                      • Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Dynamically Creating an SFS Turbo Subdirectory Using StorageClass
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
 
                                                                                                                                                                                                      • Changing the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
diff --git a/docs/cce/umn/cce_bestpractice_0055.html b/docs/cce/umn/cce_bestpractice_0055.html
index 3c45e6654..4e263d7a3 100644
--- a/docs/cce/umn/cce_bestpractice_0055.html
+++ b/docs/cce/umn/cce_bestpractice_0055.html
@@ -6,6 +6,8 @@
 
 
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0107.html b/docs/cce/umn/cce_bestpractice_0107.html
index 9bff36c8c..c344a529b 100644
--- a/docs/cce/umn/cce_bestpractice_0107.html
+++ b/docs/cce/umn/cce_bestpractice_0107.html
@@ -549,7 +549,7 @@ spec:
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Run the kubectl edit command to edit the StatefulSet and use the newly created PVC.
                                                                                                                                                                                                        kubectl edit sts sts-example -n xxx
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        Replace sts-example in the preceding command with the actual name of the StatefulSet to upgrade. xxx indicates the namespace to which the StatefulSet belongs.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Wait until the pods are running.
                                                                                                                                                                                                        • 
diff --git a/docs/cce/umn/cce_bestpractice_0300.html b/docs/cce/umn/cce_bestpractice_0300.html
new file mode 100644
index 000000000..f9fbb7bef
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0300.html
@@ -0,0 +1,90 @@
+
+
+
                                                                                                                                                                                                        Performing Cluster Namespace RBAC
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Background
                                                                                                                                                                                                        CCE permissions are classified into cluster permissions and namespace permissions. Namespace permissions are based on Kubernetes RBAC and can be used to grant permissions on resources in clusters and namespaces.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Currently, the CCE console provides four types of namespace-level ClusterRole permissions by default: cluster-admin, admin, edit, and view. However, these permissions apply to resources in the namespace regardless of resource types (pods, Deployments, and Services).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        Kubernetes RBAC enables you to easily control permissions on namespace resources.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                                                                                                                                                                                        • RoleBinding: defines the relationship between users and roles.
                                                                                                                                                                                                        • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                                                                                                                                                                                        • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. See the following figure.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 Role binding
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The user in the preceding figure can be an IAM user or user group in CCE. You can efficiently control permissions on namespace resources through RoleBindings.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The section describes how to use Kubernetes RBAC to grant user user-example with the permission for viewing pods. (This is the only permission the user has.)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        RBAC is supported only on clusters of v1.11.7-r2 or later.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating an IAM User and User Group
                                                                                                                                                                                                        Log in to the IAM console and create an IAM user named user-example and a user group named cce-role-group. For details about how to create an IAM user and user group, see Creating a User and Adding the User to a User Group and Creating a User Group and Assigning Permissions.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Grant the CCE FullAccess permission to the cce-role-group user group. For details about how to grant permissions to a user group, see Creating a User Group and Assigning Permissions.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE FullAccess has the permissions for cluster operations (such as cluster creation), but does not have the permissions to operate Kubernetes resources (such as viewing pods).
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating a Cluster
                                                                                                                                                                                                        Log in to CCE and create a cluster.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                         
                                                                                                                                                                                                        Do not use IAM user user-example to create a cluster because CCE automatically assigns the cluster-admin permissions of all namespaces in the cluster to the user who creates the cluster. That is, the user can fully control the resources in the cluster and all its namespaces.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Log in to the CCE console as IAM user user-example, download the kubectl configuration file in the cluster and access the cluster. Run the following command to obtain the pod information. The output shows that user-example does not have the permission to view the pods or other resources. This indicates that user-example does not have the permissions to operate Kubernetes resources.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        # kubectl get pod
+Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "default"
+# kubectl get deploy
+Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating a Role and RoleBinding
                                                                                                                                                                                                        Log in to the CCE console, download the kubectl configuration file in the cluster and access the cluster, and create a Role and RoleBinding.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                         
                                                                                                                                                                                                        Log in as the account used to create the cluster because CCE automatically assigns the cluster-admin permissions to the account, which means that the account has the permissions to create Roles and RoleBindings. Alternatively, you can use IAM users who have the permissions to create Roles and RoleBindings.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The procedure for creating a Role is very simple. To be specific, specify a namespace and then define rules. The rules in the following example are to allow GET and LIST operations on pods in the default namespace.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: default                          # Namespace
+  name: role-example
+rules:
+- apiGroups: [""]
+  resources: ["pods"]                         # The pod can be accessed.
+  verbs: ["get", "list"]                      # The GET and LIST operations can be performed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • apiGroups indicates the API group to which the resource belongs.
                                                                                                                                                                                                        • resources indicates the resources that can be operated. Pods, Deployments, ConfigMaps, and other Kubernetes resources are supported.
                                                                                                                                                                                                        • verbs indicates the operations that can be performed. get indicates querying a specific object, and list indicates listing all objects of a certain type. Other value options include create, update, and delete.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        For details, see Using RBAC Authorization.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        After creating a Role, you can bind the Role to a specific user, which is called RoleBinding. The following shows an example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: RoleBinding-example
+  namespace: default
+  annotations:
+    CCE.com/IAM: 'true'
+roleRef:
+  kind: Role
+  name: role-example
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: User
+  name: 0c97ac3cb280f4d91fa7c0096739e1f8    # IAM user ID
+  apiGroup: rbac.authorization.k8s.io
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The subjects section binds a Role with an IAM user so that the IAM user can obtain the permissions defined in the Role, as shown in the following figure.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 2 Binding a role to a user
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can also specify a user group in the subjects section. In this case, all users in the user group obtain the permissions defined in the Role.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        subjects:
+- kind: Group
+  name: 0c96fad22880f32a3f84c009862af6f7    # User group ID
+  apiGroup: rbac.authorization.k8s.io
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Verification
                                                                                                                                                                                                        Use IAM user user-example to connect to the cluster and view the pods. The pods can be viewed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        # kubectl get pod
+NAME                                   READY   STATUS    RESTARTS   AGE
+nginx-658dff48ff-7rkph                 1/1     Running   0          4d9h
+nginx-658dff48ff-njdhj                 1/1     Running   0          4d9h
+# kubectl get pod nginx-658dff48ff-7rkph
+NAME                     READY   STATUS    RESTARTS   AGE
+nginx-658dff48ff-7rkph   1/1     Running   0          4d9h
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Try querying Deployments and Services in the namespace. The output shows user-example does not have the corresponding permissions. Try querying the pods in namespace kube-system. The output shows user-example does not have the corresponding permission, either. This indicates that the IAM user user-example has only the GET and LIST Pod permissions in the default namespace, which is the same as expected.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        # kubectl get deploy
+Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
+# kubectl get svc
+Error from server (Forbidden): services is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "services" in API group "" in the namespace "default"
+# kubectl get pod --namespace=kube-system
+Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Permission
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_bestpractice_0307.html b/docs/cce/umn/cce_bestpractice_0307.html
index 933e75aa0..2c89db055 100644
--- a/docs/cce/umn/cce_bestpractice_0307.html
+++ b/docs/cce/umn/cce_bestpractice_0307.html
@@ -53,9 +53,9 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Figure 1 shows the migration process. You can migrate resources outside a cluster as required.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 Migration solution diagram
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Migration solution diagram
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Migration Process
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Migration Process
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The cluster migration process is as follows:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Plan resources for the target cluster.
                                                                                                                                                                                                        For details about the differences between CCE clusters and on-premises clusters, see Key Performance Parameter in Planning Resources for the Target Cluster. Plan resources as required and ensure that the performance configuration of the target cluster is the same as that of the source cluster.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      2. Migrate resources outside a cluster.
                                                                                                                                                                                                        To migrate resources outside the cluster, see Migrating Resources Outside a Cluster.
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0310.html b/docs/cce/umn/cce_bestpractice_0310.html
index b2ee83dd7..6583352f5 100644
--- a/docs/cce/umn/cce_bestpractice_0310.html
+++ b/docs/cce/umn/cce_bestpractice_0310.html
@@ -2,13 +2,13 @@
 
 
                                                                                                                                                                                                        Installing the Migration Tool
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Velero is an open-source backup and migration tool for Kubernetes clusters. With Restic's PV data backup capability integrated into it, Velero can back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in source clusters and data in PVs mounted to pods and uploaded them to object storage. When a disaster occurs or migration is required, a target cluster can obtain the corresponding backup data from the object storage using Velero and restore cluster resources as required.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        According to Migration Solution, prepare temporary object storage to store backup files before the migration. Velero supports OBS or MinIO as the object storage. The object storage requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. OBS buckets are recommended for data backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        According to Migration Solution, prepare temporary object storage to store backup files before the migration. Velero supports OBS or MinIO as the object storage. The object storage requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. OBS buckets are recommended for data backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
                                                                                                                                                                                                        • If you use OBS to store backup files, obtain the AK/SK of a user who has the right to operate OBS. For details, see Access Keys.
                                                                                                                                                                                                        • If you use MinIO to store backup files, bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.
                                                                                                                                                                                                        • The target CCE cluster has been created.
                                                                                                                                                                                                        • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        (Optional) Installing MinIO
                                                                                                                                                                                                        MinIO is an open-source, high-performance object storage tool compatible with the S3 API protocol. If MinIO is used to store backup files for cluster migration, you need a temporary server to deploy MinIO and provide services for external systems. If you use OBS to store backup files, skip this section and go to Installing Velero.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        MinIO can be installed in any of the following locations:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • Temporary ECS outside the cluster
                                                                                                                                                                                                          If the MinIO server is installed outside the cluster, backup files will not be affected when a catastrophic fault occurs in the cluster.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • Idle nodes in the cluster
                                                                                                                                                                                                          You can remotely log in to a node and install MinIO or install the containerized MinIO. For details, see Velero official documentation.
                                                                                                                                                                                                           
                                                                                                                                                                                                          For example, to install MinIO in a container, run the following command:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Idle nodes in the cluster
                                                                                                                                                                                                          You can remotely log in to a node to install MinIO or install the containerized MinIO. For details, see Velero official document.
                                                                                                                                                                                                           
                                                                                                                                                                                                          For example, to install MinIO in a container, run the following command:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • The storage type in the YAML file provided by Velero is emptyDir. You are advised to change the storage type to HostPath or Local. Otherwise, backup files will be permanently lost after the container is restarted.
                                                                                                                                                                                                          • Ensure that the MinIO service is accessible externally. Otherwise, backup files cannot be downloaded outside the cluster. You can change the Service type to NodePort or use other types of public network access Services.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -20,7 +20,7 @@ mkdir /opt/miniodata
 cd /opt/minio
 wget https://dl.minio.io/server/minio/release/linux-amd64/minio
 chmod +x minio
-
                                                                                                                                                                                                        • Set the username and password of MinIO.
                                                                                                                                                                                                          The username and password configured using this method are temporary environment variables and must be reset after the service is restarted. Otherwise, the default root credential minioadmin:minioadmin will be used to create the service.
                                                                                                                                                                                                          export MINIO_ROOT_USER=minio
+
                                                                                                                                                                                                        • Set the username and password of MinIO.
                                                                                                                                                                                                          The username and password set using this method are temporary environment variables and must be reset after the service is restarted. Otherwise, the default root credential minioadmin:minioadmin will be used to create the service.
                                                                                                                                                                                                          export MINIO_ROOT_USER=minio
 export MINIO_ROOT_PASSWORD=minio123
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Create a service. In the command, /opt/miniodata/ indicates the local disk path for MinIO to store data.
                                                                                                                                                                                                          The default API port of MinIO is 9000, and the console port is randomly generated. You can use the --console-address parameter to specify a console port.
                                                                                                                                                                                                          ./minio server /opt/miniodata/ --console-address ":30840" &
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0312.html b/docs/cce/umn/cce_bestpractice_0312.html
index 842c622f3..2c76f6408 100644
--- a/docs/cce/umn/cce_bestpractice_0312.html
+++ b/docs/cce/umn/cce_bestpractice_0312.html
@@ -7,13 +7,13 @@
 
                                                                                                                                                                                                        • Run the following command to modify the workload and replace the image field in the YAML file with the image path:
                                                                                                                                                                                                          kubectl edit deploy wordpress
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Check the running status of the workload.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Updating Services
                                                                                                                                                                                                      After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Updating Services
                                                                                                                                                                                                      After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create a LoadBalancer Ingress.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Connect to the cluster using kubectl.
                                                                                                                                                                                                      2. Edit the YAML file of the corresponding Service to change the Service type and port number.
                                                                                                                                                                                                        kubectl edit svc wordpress
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        To update load balancer resources, connect to ELB again. Add the annotations by following the procedure described in LoadBalancer.
                                                                                                                                                                                                        annotations: 
+
                                                                                                                                                                                                        To update load balancer resources, connect to ELB again. Add the annotations by following the procedure described in Creating a LoadBalancer Service.
                                                                                                                                                                                                        annotations: 
   kubernetes.io/elb.class: union # Shared load balancer
   kubernetes.io/elb.id: 9d06a39d-xxxx-xxxx-xxxx-c204397498a3    # Load balancer ID, which can be queried on the ELB console.
-  kubernetes.io/elb.subnet-id: f86ba71c-xxxx-xxxx-xxxx-39c8a7d4bb36    # ID of the cluster where the subnet resides
-  kubernetes.io/session-affinity-mode: SOURCE_IP    # Enable the sticky session based on the source IP address.
                                                                                                                                                                                                        
+  kubernetes.io/elb.subnet-id: f86ba71c-xxxx-xxxx-xxxx-39c8a7d4bb36    # ID of the subnet where the load balancer resides
+  kubernetes.io/elb.session-affinity-mode: SOURCE_IP    # Enable the sticky session based on the source IP address.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Use a browser to check whether the Service is available.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -42,7 +42,7 @@ configmap/change-storageclass-plugin-config created
 
                                                                                                                                                                                                      Information similar to the following is displayed:
                                                                                                                                                                                                      NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
 csi-disk            everest-csi-provisioner         Delete          Immediate              true                   3d23h
 csi-disk-topology   everest-csi-provisioner         Delete          WaitForFirstConsumer   true                   3d23h
-csi-nas             everest-csi-provisioner         Delete          Immediate              true                   3d23h
+csi-sfs             everest-csi-provisioner         Delete          Immediate              false                   3d23h
 csi-obs             everest-csi-provisioner         Delete          Immediate              false                  3d23h
 csi-sfsturbo        everest-csi-provisioner         Delete          Immediate              true                   3d23h
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -63,7 +63,7 @@ csi-sfsturbo        everest-csi-provisioner         Delete          Immediate
 
                                                                                                                                                                                                      
-
diff --git a/docs/cce/umn/cce_bestpractice_0313.html b/docs/cce/umn/cce_bestpractice_0313.html
index ecb1347b1..90f7c4a53 100644
--- a/docs/cce/umn/cce_bestpractice_0313.html
+++ b/docs/cce/umn/cce_bestpractice_0313.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                      Performing Additional Tasks
                                                                                                                                                                                                      Verifying Application Functions
                                                                                                                                                                                                      Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the redirection link of the article published in WordPress is still the original domain name. If you click the article title, you will be redirected to the application in the source cluster. Therefore, search for the original domain name in WordPress and replace it with the new domain name, change the values of site_url and primary URL in the database. For details, see Changing The Site URL.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Access the new address of the WordPress application. If the article published before the migration is displayed, the data of the persistent volume is successfully restored.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Switching Live Traffic to the Target Cluster
                                                                                                                                                                                                      O&M personnel switch DNS to direct live traffic to the target cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • DNS traffic switching: Adjust the DNS configuration to switch traffic.
                                                                                                                                                                                                      • Client traffic switching: Upgrade the client code or update the configuration to switch traffic.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0315.html b/docs/cce/umn/cce_bestpractice_0315.html
index 5301ac812..917d80479 100644
--- a/docs/cce/umn/cce_bestpractice_0315.html
+++ b/docs/cce/umn/cce_bestpractice_0315.html
@@ -12,10 +12,16 @@
 
 
                                                                                                                                                                                                    31. Configuration Suggestions on CCE Node Security
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      32. 
+
                                                                                                                                                                                                    32. Configuration Suggestions on CCE Container Runtime Security
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      33. 
 
                                                                                                                                                                                                    33. Configuration Suggestions on CCE Container Security
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      34. 
+
                                                                                                                                                                                                    34. Configuration Suggestions on CCE Container Image Security
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      35. 
 
                                                                                                                                                                                                    35. Configuration Suggestions on CCE Secret Security
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      36. 
+
                                                                                                                                                                                                    36. Configuration Suggestions on CCE Workload Identity Security
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      37. 
 
 
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0317.html b/docs/cce/umn/cce_bestpractice_0317.html
index 35c86b8ce..db2a1513c 100644
--- a/docs/cce/umn/cce_bestpractice_0317.html
+++ b/docs/cce/umn/cce_bestpractice_0317.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                      Configuration Suggestions on CCE Cluster Security
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For security purposes, you are advised to configure a cluster as follows.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      To ensure security, it is recommended that you configure a cluster in the following manner.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Using the CCE Cluster of the Latest Version
                                                                                                                                                                                                      Kubernetes releases a major version in about four months. CCE follows the same frequency as Kubernetes to release major versions. To be specific, a new CCE version is released about three months after a new Kubernetes version is released in the community. For example, Kubernetes v1.19 was released in September 2020 and CCE v1.19 was released in March 2021.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The latest cluster version has known vulnerabilities fixed or provides a more comprehensive security protection mechanism. You are advised to select the latest cluster version when creating a cluster. Before a cluster version is deprecated and removed, upgrade your cluster to a supported version.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -78,7 +78,7 @@ spec:
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Configuring Network Isolation in a Cluster
                                                                                                                                                                                                      • Container tunnel network
                                                                                                                                                                                                        If networks need to be isolated between namespaces in a cluster or between workloads in the same namespace, you can configure network policies to isolate the networks. 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Cloud Native 2.0 network
                                                                                                                                                                                                        In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see SecurityGroups.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Cloud Native 2.0 network
                                                                                                                                                                                                        In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see Binding a Security Group to a Workload Using a Security Group Policy.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • VPC network
                                                                                                                                                                                                        Network isolation is not supported.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -86,7 +86,7 @@ spec:
 
                                                                                                                                                                                                      Upgrade the CCE cluster version to 1.13 or 1.15 and enable the RBAC capability for the cluster. If the version is 1.13 or later, no upgrade is required.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When creating a node, you can enable the kubelet authentication mode by injecting the postinstall file (by setting the kubelet startup parameter --authorization-node=Webhook).
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Run the following command to create clusterrolebinding:
                                                                                                                                                                                                        kubectl create clusterrolebinding kube-apiserver-kubelet-admin --clusterrole=system:kubelet-api-admin --user=system:kube-apiserver
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Run the following command to create a ClusterRoleBinding:
                                                                                                                                                                                                          kubectl create clusterrolebinding kube-apiserver-kubelet-admin --clusterrole=system:kubelet-api-admin --user=system:kube-apiserver
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        2. For an existing node, log in to the node, change authorization mode in /var/paas/kubernetes/kubelet/kubelet_config.yaml on the node to Webhook, and restart kubelet.
                                                                                                                                                                                                          sed -i s/AlwaysAllow/Webhook/g /var/paas/kubernetes/kubelet/kubelet_config.yaml; systemctl restart kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        3. For a new node, add the following command to the post-installation script to change the kubelet permission mode:
                                                                                                                                                                                                          sed -i s/AlwaysAllow/Webhook/g /var/paas/kubernetes/kubelet/kubelet_config.yaml; systemctl restart kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0319.html b/docs/cce/umn/cce_bestpractice_0319.html
index bab99a87f..9dd8c0e10 100644
--- a/docs/cce/umn/cce_bestpractice_0319.html
+++ b/docs/cce/umn/cce_bestpractice_0319.html
@@ -64,11 +64,16 @@ spec:
           name: tmpfs-example-001 
 
                                                                                                                                                                                                          4. 
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Restricting the Access of Containers to the Management Plane
                                                                                                                                                                                                      If application containers on a node do not need to access Kubernetes, you can perform the following operations to disable containers from accessing kube-apiserver:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Query the container CIDR block and private API server address.
                                                                                                                                                                                                        On the Clusters page of the CCE console, click the name of the cluster to find the information on the details page.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Restricting the Access of Service Containers to the Management Plane
                                                                                                                                                                                                        To avoid unnecessary service interruption when restricting the service containers on a node from accessing the Kubernetes management plane, consider the following:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Check whether any containers on the node require access to the cluster management plane.
                                                                                                                                                                                                          Once you have restricted the service containers on the node from accessing the management plane, all containers on that node will be unable to access the kube-apiserver of the cluster. Before making the configuration, make sure that none of the containers on the node need to access the kube-apiserver of the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Keep in mind that certain CCE add-ons, like CCE Advanced HPA, still require access to kube-apiserver. It is not recommended that you configure the access restriction on a node where such add-ons are running.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Configure taints and affinity for the node.
                                                                                                                                                                                                          If the service containers on the node do not need to access kube-apiserver, it is recommended that you configure labels and taints for the node. Additionally, configure taints, tolerations, and node affinity for the containers on the node. This will prevent other containers from being scheduled to that node, thus avoiding service exceptions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        To restrict the service containers on a node from accessing the management plane, take the following steps:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Obtain the container CIDR block and private API server address.
                                                                                                                                                                                                          On the Clusters page of the CCE console, click the name of the cluster to find the information on the details page.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Configure access rules.
                                                                                                                                                                                                          • CCE cluster: Log in to each node in the cluster as user root and run the following command:
                                                                                                                                                                                                            • VPC network:
                                                                                                                                                                                                              iptables -I OUTPUT -s {container_cidr} -d {Private API server IP} -j REJECT
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            • Container tunnel network:
                                                                                                                                                                                                              iptables -I FORWARD -s {container_cidr} -d {Private API server IP} -j REJECT
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • Configure access rules.
                                                                                                                                                                                                              • CCE cluster: Log in to each node in the cluster as user root and run the following command:
                                                                                                                                                                                                                • VPC network
                                                                                                                                                                                                                  iptables -I OUTPUT -s {container_cidr} -d {Private API server IP} -j REJECT
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Container tunnel network
                                                                                                                                                                                                                  iptables -I FORWARD -s {container_cidr} -d {Private API server IP} -j REJECT
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                {container_cidr} indicates the container CIDR of the cluster, for example, 10.0.0.0/16.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                To ensure configuration persistence, write the command to the /etc/rc.local script.
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_0320.html b/docs/cce/umn/cce_bestpractice_0320.html
index 67673d485..670f75ab4 100644
--- a/docs/cce/umn/cce_bestpractice_0320.html
+++ b/docs/cce/umn/cce_bestpractice_0320.html
@@ -48,7 +48,7 @@ spec:
       mountPath: "/etc/secret-volume"
 
                                                                                                                                                                                                                In this way, .secret-file cannot be seen by running ls -l in the /etc/secret-volume/ directory, but can be viewed by running ls -al.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Encrypt sensitive information before creating a secret and decrypt the information when using it.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Using a Bound ServiceAccount Token to Access a Cluster
                                                                                                                                                                                                        The secret-based ServiceAccount token does not support expiration time or auto update. In addition, after the mounting pod is deleted, the token is still stored in the secret. Token leakage may incur security risks. A bound ServiceAccount token is recommended for CCE clusters of version 1.23 or later. In this mode, the expiration time can be set and is the same as the pod lifecycle, reducing token leakage risks. Example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Using a Bound ServiceAccount Token to Access a Cluster
                                                                                                                                                                                                        The secret-based ServiceAccount token does not support expiration time or auto update. In addition, after the mounting pod is deleted, the token is still stored in the secret. Token leakage may incur security risks. A bound ServiceAccount token is recommended for CCE clusters of version 1.23 or later. In this mode, the expiration time can be set and is the same as the pod lifecycle, reducing token leakage risks. An example is as follows:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/docs/cce/umn/cce_bestpractice_0324.html b/docs/cce/umn/cce_bestpractice_0324.html
index d6e6487b5..d66fab20b 100644
--- a/docs/cce/umn/cce_bestpractice_0324.html
+++ b/docs/cce/umn/cce_bestpractice_0324.html
@@ -4,13 +4,14 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Background
                                                                                                                                                                                                        GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        GitLab provides powerful CI/CD functions and is widely used in software development.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 1 GitLab CI/CD process
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 GitLab CI/CD process
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        This section describes how to interconnect GitLab with SWR and CCE for CI/CD.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Preparations
                                                                                                                                                                                                        1. Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.
                                                                                                                                                                                                        2. Download and configure kubectl to connect to the cluster.
                                                                                                                                                                                                        3. Install Helm 3.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Preparations
                                                                                                                                                                                                        1. Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.
                                                                                                                                                                                                        2. Download and configure kubectl to connect to the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Install Helm 3.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Installing GitLab Runner
                                                                                                                                                                                                        Log in to GitLab, choose Settings > CI/CD in the project view, click Expand next to Runners, and search for the GitLab Runner registration URL and token.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Create the values.yaml file and fill in the following information:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        # Registration URL
 gitlabUrl: https://gitlab.com/
@@ -26,7 +27,7 @@ runners:
 
                                                                                                                                                                                                        helm repo add gitlab https://charts.gitlab.io 
 helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner --version=0.43.1
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        After the installation, you can obtain the gitlab-runner workload on the CCE console and view the connection information in GitLab later.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Creating an Application
                                                                                                                                                                                                        Place the application to be created in the GitLab project repository. This section takes Nginx modification as an example. For details, visit https://gitlab.com/c8147/cidemo/-/tree/main.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The following files are included:
                                                                                                                                                                                                        
@@ -35,26 +36,26 @@ helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runne
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Configuring Global Variables
                                                                                                                                                                                                        When using pipelines, build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Log in to GitLab, choose Settings > CI/CD in the project view, and click Expand next to Variables to add variables.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • kube_config
                                                                                                                                                                                                          kubeconfig.json file used for kubectl command authentication. Run the following command on the host where kubectl is configured to convert the file to the Base64 format:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          echo $(cat ~/.kube/config | base64) | tr -d " "
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          The command output is the content of kubeconfig.json.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • project: project name.
                                                                                                                                                                                                          Log in to the management console, hover over your username in the upper right corner, and choose My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • swr_ak: access key.
                                                                                                                                                                                                          Log in to the management console, hover over your username in the upper right corner, and choose My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • project: project name.
                                                                                                                                                                                                          Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • swr_ak: access key.
                                                                                                                                                                                                          Log in to the management console, hover the cursor on your username in the upper right corner, and choose My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • swr_sk: secret key for logging in to SWR.
                                                                                                                                                                                                          Run the following command to obtain the key pair. Replace $AK and $SK with the AK and SK obtained in the preceding steps.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          The command output displays the login key pair.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Creating a Pipeline
                                                                                                                                                                                                        Log in to Gitlab and add the .gitlab-ci.yml file to Repository.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The content is as follows:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        # Define pipeline stages, including package, build, and deploy.
 stages:
   - package  
   - build
   - deploy
-# If no image is specified in each stage, the default image docker:latest is used.
+# If no image is specified in each stage, the default image docker:latest is used.
 image: docker:latest
 # In the package stage, only printing is performed.
 package:
@@ -95,24 +96,18 @@ deploy:
     # Deploy an application.
     - kubectl apply -f k8s.yaml
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        After the .gitlab-ci.yml file is saved, the pipeline is started immediately. You can view the pipeline execution status in GitLab.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Verifying Deployment
                                                                                                                                                                                                        After the pipeline is deployed, locate the nginx-test Service on the CCE console, query its access address, and run the curl command to access the Service.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        # curl xxx.xxx.xxx.xxx:31111
 Hello Gitlab!
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        If the preceding information is displayed, the deployment is correct.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Common Issues
                                                                                                                                                                                                        • If the following problem occurs during the deployment:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Common Issues
                                                                                                                                                                                                          • If the following problem occurs during the deployment:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Or
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Check whether the following commands are missing in the .gitlab-ci.yml file. If yes, add them to the .gitlab-ci.yml file.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            ...
-deploy:
-  # Use the kubectl image.
-  image: 
-    name: bitnami/kubectl:latest
-    entrypoint: [""]
-  stage: deploy
   script:
     # Configure the kubeconfig file.
     - mkdir -p $HOME/.kube
@@ -120,9 +115,10 @@ deploy:
     - echo $kube_config |base64 -d > $KUBECONFIG
     # Replace the image in the k8s.yaml file.
 ...
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            The privileged: true parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permission to run the docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable KUBERNETES_PRIVILEGED, and set its value to true.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_0333.html b/docs/cce/umn/cce_bestpractice_0333.html
new file mode 100644
index 000000000..f56c6deb3
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_0333.html
@@ -0,0 +1,123 @@
+
+
+
                                                                                                                                                                                                        Configuration Suggestions on CCE Workload Identity Security
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        A workload identity enables workloads within a cluster to act as IAM users, granting them access to cloud services without the need for an IAM account's AK and SK. This helps to minimize security risks.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        This section describes how to use workload identities in CCE.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Notes and Constraints
                                                                                                                                                                                                        The cluster version must be 1.19.16 or later.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        1. Obtain the public key of the cluster serviceAccountToken from CCE. For details, see Step 1: Obtain the Public Key for Signature of the CCE Cluster.
                                                                                                                                                                                                        2. Create an identity provider on IAM. For details, see Step 2: Configure an Identity Provider.
                                                                                                                                                                                                        3. Obtain an IAM token from the workload to simulate an IAM user to access a cloud service. For details, see Step 3: Use a Workload Identity.
                                                                                                                                                                                                          The procedure is as follows:
                                                                                                                                                                                                          1. Deploy the application pod and obtain the OpenID Connect ID token file by mounting the identity provider.
                                                                                                                                                                                                          2. Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token.
                                                                                                                                                                                                          3. Access the cloud service using the IAM token in programs in the pod.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 1 Workflow
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 1: Obtain the Public Key for Signature of the CCE Cluster
                                                                                                                                                                                                        1. Use kubectl to access the target cluster.
                                                                                                                                                                                                        2. Obtain the public key:
                                                                                                                                                                                                          kubectl get --raw /openid/v1/jwks
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          # kubectl get --raw /openid/v1/jwks
+{"keys":[{"use":"sig","kty":"RSA","kid":"*****","alg":"RS256","n":"*****","e":"AQAB"}]}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The returned field is the public key of the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 2: Configure an Identity Provider
                                                                                                                                                                                                        1. Log in to the IAM console, choose Identity Providers in the navigation pane, and click Create Identity Provider in the upper right corner. On the displayed page, set Protocol to OpenID Connect and SSO Type to Virtual user and click OK.
                                                                                                                                                                                                        2. In the identity provider list, locate the row containing the new identity provider and click Modify in the Operation column to modify the identity provider information.
                                                                                                                                                                                                          Access Type: Select Programmatic access.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Configuration Information
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          Identity Conversion Rules
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An identity conversion rule maps the ServiceAccount of a workload to IAM user.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For example, create a ServiceAccount named oidc-token in namespace default of the cluster and map it to user group demo. If you use the identity provider ID to access cloud services, you have the permissions of the demo user group. The attribute must be sub. The value format is system:serviceaccount:Namespace:ServiceAccountName.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Rules are in the JSON format as follows:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          [
+    {
+        "local": [
+            {
+                "user": {
+                    "name": "test"
+                }
+            },
+            {
+                "group": {
+                    "name": "demo"
+                }
+            }
+        ],
+        "remote": [
+            {
+                "type": "sub",
+                "any_one_of": [
+                    "system:serviceaccount:default:oidc-token"
+                ]
+            }
+        ]
+    }
+]
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Click OK.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Step 3: Use a Workload Identity
                                                                                                                                                                                                        1. Create a ServiceAccount, whose name must be the value of ServiceAccountName set in Step 2: Configure an Identity Provider.
                                                                                                                                                                                                          apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: oidc-token
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Mount the identity provider to the workload and obtain the OpenID Connect ID token file.
                                                                                                                                                                                                          An example is as follows:
                                                                                                                                                                                                          apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: nginx
+        version: v1
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - mountPath: "/var/run/secrets/tokens"     # Mount the serviceAccountToken generated by Kubernetes to the /var/run/secrets/tokens/oidc-token file.
+          name: oidc-token
+      imagePullSecrets:
+      - name: default-secret
+      serviceAccountName: oidc-token      # Name of the created ServiceAccount
+      volumes:
+      - name: oidc-token
+        projected:
+          defaultMode: 420
+          sources:
+          - serviceAccountToken:
+              audience: client_id   # Must be the client ID of the identity provider.
+              expirationSeconds: 7200       # Expiry period
+              path: oidc-token              # Path name, which can be customized
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. After the creation is complete, log in to the container. The content of the /var/run/secrets/tokens/oidc-token file is the serviceAccountToken generated by Kubernetes.
                                                                                                                                                                                                           
                                                                                                                                                                                                          If the serviceAccountToken is used for more than 24 hours or 80% of its expiry period, kubelet will automatically rotate the serviceAccountToken.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Use the OpenID Connect ID token to call the API for Obtaining a Token with an OpenID Connect ID Token. The X-Subject-Token field in the response header is the IAM token. Then, you can use this token to access cloud services.
                                                                                                                                                                                                          The following shows an example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          curl -i --location --request POST 'https://{{iam endpoint}}/v3.0/OS-AUTH/id-token/tokens' \
+ --header 'X-Idp-Id: workload_identity' \
+ --header 'Content-Type: application/json' \
+ --data @token_body.json
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specifically:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • {{iam endpoint}} indicates the endpoint of IAM. For details, see Regions and Endpoints.
                                                                                                                                                                                                          • workload_identity is the identity provider name, which is the same as that configured in Step 2: Configure an Identity Provider.
                                                                                                                                                                                                          • token_body.json is a local file and its content is as follows:
                                                                                                                                                                                                             { 
+   "auth" : { 
+     "id_token" : { 
+       "id" : "eyJhbGciOiJSU..."
+     }, 
+     "scope": { 
+       "project" : { 
+         "id" : "46419baef4324...",
+         "name" : ******
+       } 
+     } 
+   } 
+ }
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • $.auth.id_token.id: The value is the content of the /var/run/secrets/tokens/oidc-token file in the container.
                                                                                                                                                                                                            • $.auth.scope.project.id: indicates the project ID. For details about how to obtain the project ID, see Obtaining a Project ID.
                                                                                                                                                                                                            • $.auth.scope.project.name: indicates the project name.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Security
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_bestpractice_0340.html b/docs/cce/umn/cce_bestpractice_0340.html
index bf0eca100..3e67f5a9c 100644
--- a/docs/cce/umn/cce_bestpractice_0340.html
+++ b/docs/cce/umn/cce_bestpractice_0340.html
@@ -1,11 +1,7 @@
 
 
-
-  
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        
-
-  
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
-
+
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Containerizing an Entire Application
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0346.html b/docs/cce/umn/cce_bestpractice_0346.html
index 8e72dc891..9bb63961a 100644
--- a/docs/cce/umn/cce_bestpractice_0346.html
+++ b/docs/cce/umn/cce_bestpractice_0346.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                          Overview
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CoreDNS Optimization Overview
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Application Scenarios
                                                                                                                                                                                                          DNS is one of the important basic services in Kubernetes. When the container DNS policy is not properly configured and the cluster scale is large, DNS resolution may time out or fail. In extreme cases, a large number of services in the cluster may fail to be resolved. This section describes the best practices of CoreDNS configuration optimization in Kubernetes clusters to help you avoid such problems.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          CoreDNS configuration optimization includes clients and servers.
                                                                                                                                                                                                          
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                                          For more information about CoreDNS configurations, see https://coredns.io/.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CoreDNS open source community: https://github.com/coredns/coredns
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                                          • A CCE cluster has been created.
                                                                                                                                                                                                          • You can access the cluster using kubectl.
                                                                                                                                                                                                          • The CoreDNS add-on is installed in the cluster. The latest version of CoreDNS is recommended.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                                          • You have created a CCE cluster.
                                                                                                                                                                                                          • You can access the cluster using kubectl.
                                                                                                                                                                                                          • The CoreDNS add-on is installed in the cluster. The latest version of CoreDNS is recommended.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0350.html b/docs/cce/umn/cce_bestpractice_0350.html
index 16d4f1754..d8bb92929 100644
--- a/docs/cce/umn/cce_bestpractice_0350.html
+++ b/docs/cce/umn/cce_bestpractice_0350.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                                          Avoiding Occasional DNS Resolution Timeout Caused by IPVS Defects
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          When kube-proxy uses IPVS load balancing, you may encounter DNS resolution timeout occasionally during CoreDNS scale-in or restart.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          This problem is caused by a Linux kernel defect. For details, see https://github.com/torvalds/linux/commit/35dfb013149f74c2be1ff9c78f14e6a3cd1539d1.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          When kube-proxy uses IPVS load balancing, you may encounter DNS resolution timeout occasionally during CoreDNS scale-in or restart.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This problem is caused by a Linux kernel defect. For details, see https://github.com/torvalds/linux/commit/35dfb013149f74c2be1ff9c78f14e6a3cd1539d1.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          You can use NodeLocal DNSCache to minimize the impact of IPVS defects.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          You can use NodeLocal DNSCache to minimize the impact of IPVS defects.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0352.html b/docs/cce/umn/cce_bestpractice_0352.html
index 891f34cbc..26810b24a 100644
--- a/docs/cce/umn/cce_bestpractice_0352.html
+++ b/docs/cce/umn/cce_bestpractice_0352.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                          Upgrading the CoreDNS in the Cluster Timely
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CoreDNS provides simple functions and is compatible with different Kubernetes versions. CCE periodically synchronizes bugs from the community and upgrades the coredns add-on. You are advised to periodically upgrade the CoreDNS. The CCE add-on management center supports the CoreDNS installation and upgrade. You can define the CoreDNS version in the cluster. If the version can be upgraded, upgrade the CoreDNS component in the cluster as soon as possible.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          You can upgrade CoreDNS in a cluster by performing the following procedure:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the CCE console, select a cluster, and click Add-ons in the navigation pane.
                                                                                                                                                                                                          2. In the Add-on Installed, locate the coredns add-on and click Upgrade.
                                                                                                                                                                                                          3. Set parameters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the CCE console and click the name of the target cluster to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                                                                                                          2. Locate the CoreDNS add-on and click Upgrade.
                                                                                                                                                                                                          3. Set parameters.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_0357.html b/docs/cce/umn/cce_bestpractice_0357.html
index adc3fa804..69688558e 100644
--- a/docs/cce/umn/cce_bestpractice_0357.html
+++ b/docs/cce/umn/cce_bestpractice_0357.html
@@ -3,11 +3,10 @@
 
                                                                                                                                                                                                          Configuring CoreDNS
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          On the console, the CoreDNS add-on can only be configured with the preset specifications, which can satisfy most of the service requirements. In some scenarios where there are requirements on the CoreDNS resource usage, you may need to customize the add-on specifications.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CoreDNS official document: https://coredns.io/plugins/
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Configuring CoreDNS Specifications
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS. The add-on details page is displayed.
                                                                                                                                                                                                          3. In the Specifications area, configure coredns specifications.
                                                                                                                                                                                                          4. Change the number of pods, CPU quotas, and memory quotas as needed to adjust the domain name resolution QPS provided by CoreDNS.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Configuring CoreDNS Specifications
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                            3. In the Specifications area, configure coredns specifications.
                                                                                                                                                                                                            4. Change the number of replicas, CPU quotas, and memory quotas as needed to adjust the domain name resolution QPS provided by CoreDNS.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            5. Click OK.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Properly Configuring the Stub Domain for DNS
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                            3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                                                                                                                                            4. Click OK.
                                                                                                                                                                                                            5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                                                              The corresponding Corefile content is as follows:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              .:5353 {
+
                                                                                                                                                                                                              Properly Configuring the Stub Domain for DNS
                                                                                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                              2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                              3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local -- 10.150.0.1.
                                                                                                                                                                                                                Corefile:
                                                                                                                                                                                                                .:5353 {
     bind {$POD_IP}
     cache 30 {
         servfail 5s
@@ -26,29 +25,29 @@
     reload
     ready {$POD_IP}:8081
 }
-consul.local:5353 {
-    bind {$POD_IP}
-    errors
-    cache 30
-    forward . 10.150.0.1
-}
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              
+consul.local:5353 {
+    bind {$POD_IP}
+    errors
+    cache 30
+    forward . 10.150.0.1
+}
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          5. Click OK.
                                                                                                                                                                                                          6. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Properly Configuring the Host
                                                                                                                                                                                                          To specify hosts for a specific domain name, you can use the hosts add-on. An example is as follows:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                          3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                                                                                            {
+
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                            3. Edit extended parameters in Parameters and add the following content to the plugins field:
                                                                                                                                                                                                              {
   "configBlock": "192.168.1.1 www.example.com\nfallthrough",
   "name": "hosts"
 }
                                                                                                                                                                                                              
-
                                                                                                                                                                                                               
                                                                                                                                                                                                              The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next CoreDNS plug-in. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                               
                                                                                                                                                                                                              The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next add-on of CoreDNS. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              For details about how to configure the hosts file, visit https://coredns.io/plugins/hosts/.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            4. Click OK.
                                                                                                                                                                                                            5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                                                              The corresponding Corefile content is as follows:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              .:5353 {
+
                                                                                                                                                                                                              Corefile:
                                                                                                                                                                                                              .:5353 {
     bind {$POD_IP}
-    hosts {
-      192.168.1.1 www.example.com
-      fallthrough
-    }
+    hosts {
+      192.168.1.1 www.example.com
+      fallthrough
+    }
     cache 30
     errors
     health {$POD_IP}:8080
@@ -64,11 +63,12 @@
     reload
     ready {$POD_IP}:8081
 }
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Click OK.
                                                                                                                                                                                                        • Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of coredns to check whether the update is successful.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Configuring IPv6 Resolution Properly
                                                                                                                                                                                                      If the IPv6 kernel module is not disabled on the Kubernetes cluster host machine, the container initiates IPv4 and IPv6 resolution at the same time by default when requesting the coredns add-on. Generally, only IPv4 addresses are used. Therefore, if you only configure DOMAIN in IPv4 address, the coredns add-on forwards the request to the upstream DNS server for resolution because the local configuration cannot be found. As a result, the DNS resolution request of the container slows down.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      CoreDNS provides the template plug-in. After being configured, CoreDNS can immediately return an empty response to all IPv6 requests to prevent the requests from being forwarded to the upstream DNS.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                                                                                      3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                                                                                        • AAAA indicates an IPv6 resolution request. If NXDOMAIN is returned in the rcode control response, meaning that no resolution result is returned.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                        3. Edit extended parameters in Parameters and add the following content to the plugins field.
                                                                                                                                                                                                          • AAAA indicates an IPv6 resolution request. If NXDOMAIN is returned in the rcode control response, meaning that no resolution result is returned.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          For details about the template plug-in, visit https://github.com/coredns/coredns/tree/master/plugin/template.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          {
   "configBlock": "rcode NXDOMAIN",
@@ -99,12 +99,12 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Properly Configuring Cache Policies
                                                                                                                                                                                                      If you configure CoreDNS with an upstream DNS server, you can implement a cache policy that enables CoreDNS to use the expired local cache when it is unable to access the upstream DNS server.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                                                                                      3. In the window that slides out from the right, in the Parameters area, modify the cache content in the plugins field for Advance Config. For details about how to configure the cache, see https://coredns.io/plugins/cache/.
                                                                                                                                                                                                        {
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. In the navigation pane, choose Add-ons. Then, click Edit under CoreDNS.
                                                                                                                                                                                                        3. Edit extended parameters in Parameters and modify the cache content in the plugins field. For details about how to configure the cache, see https://coredns.io/plugins/cache/.
                                                                                                                                                                                                          {
     "configBlock": "servfail 5s\nserve_stale 60s immediate",
     "name": "cache",
     "parameters": 30
 }
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        4. Click OK.
                                                                                                                                                                                                        5. In the navigation pane, choose ConfigMaps and Secrets. Select the kube-system namespace, view the data of the ConfigMap named coredns to check whether the update is successful.
                                                                                                                                                                                                          Corresponding Corefile content:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          .:5353 {
     bind {$POD_IP}
diff --git a/docs/cce/umn/cce_bestpractice_10001.html b/docs/cce/umn/cce_bestpractice_10001.html
index 08ca27838..c7650555f 100644
--- a/docs/cce/umn/cce_bestpractice_10001.html
+++ b/docs/cce/umn/cce_bestpractice_10001.html
@@ -6,10 +6,10 @@
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          Several release policies are developed for service upgrade: grayscale release, blue-green deployment, A/B testing, rolling upgrade, and batch suspension of release. Traffic loss or service unavailability caused by releases can be avoided as much as possible.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          This document describes the principles and practices of grayscale release and blue-green deployment.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Grayscale release, also called canary release, is a smooth iteration mode for version upgrade. During the upgrade, some users use the new version, while other users continue to use the old version. After the new version is stable and ready, it gradually takes over all the live traffic. In this way, service risks brought by the release of the new version can be minimized, the impact of faults can be reduced, and quick rollback is supported.
                                                                                                                                                                                                            The following figure shows the general process of grayscale release. First, divide 20% of all service traffic to the new version. If the service version runs normally, gradually increase the traffic proportion and continue to test the performance of the new version. If the new version is stable, switch all traffic to it and bring the old version offline.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            If an exception occurs in the new version when 20% of the traffic goes to the new version, you can quickly switch back to the old version.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10002.html b/docs/cce/umn/cce_bestpractice_10002.html
index c14021459..b3ab01f6b 100644
--- a/docs/cce/umn/cce_bestpractice_10002.html
+++ b/docs/cce/umn/cce_bestpractice_10002.html
@@ -3,12 +3,12 @@
 
                                                                                                                                                                                                      Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Principles
                                                                                                                                                                                                      Users usually use Kubernetes objects such as Deployments and StatefulSets to deploy services. Each workload manages a group of pods. The following figure uses Deployment as an example.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Generally, a Service is created for each workload. The Service uses the selector to match the backend pod. Other Services or objects outside the cluster can access the pods backing the Service. If a pod needs to be exposed, set the Service type to LoadBalancer. The ELB load balancer functions as the traffic entrance.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Grayscale release principles
                                                                                                                                                                                                        Take a Deployment as an example. A Service, in most cases, will be created for each Deployment. However, Kubernetes does not require that Services and Deployments correspond to each other. A Service uses a selector to match backend pods. If pods of different Deployments are selected by the same selector, a Service corresponds to multiple versions of Deployments. You can adjust the number of replicas of Deployments of different versions to adjust the weights of services of different versions to achieve grayscale release. The following figure shows the process:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Blue-green deployment principles
                                                                                                                                                                                                        Take a Deployment as an example. Two Deployments of different versions have been deployed in the cluster, and their pods are labeled with the same key but different values to distinguish versions. A Service uses the selector to select the pod of a Deployment of a version. In this case, you can change the value of the label that determines the version in the Service selector to change the pod backing the Service. In this way, you can directly switch the service traffic from one version to another. The following figure shows the process:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Prerequisites
                                                                                                                                                                                                      The Nginx image has been uploaded to SWR. The Nginx images have two versions: v1 and v2. The welcome pages are Nginx-v1 and Nginx-v2.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10006.html b/docs/cce/umn/cce_bestpractice_10006.html
index e4a48596d..22270f190 100644
--- a/docs/cce/umn/cce_bestpractice_10006.html
+++ b/docs/cce/umn/cce_bestpractice_10006.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Overview
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • CoreDNS Optimization Overview
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
 
                                                                                                                                                                                                      • Client
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
diff --git a/docs/cce/umn/cce_bestpractice_10009.html b/docs/cce/umn/cce_bestpractice_10009.html
index 36a398c64..24cd05fc6 100644
--- a/docs/cce/umn/cce_bestpractice_10009.html
+++ b/docs/cce/umn/cce_bestpractice_10009.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                        Application Scenarios
                                                                                                                                                                                                        Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, you can deploy a set of Prometheus.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution Architecture
                                                                                                                                                                                                        Multiple clusters are connected to the same Prometheus monitoring system, as shown in the following figure. This reduces maintenance and resource costs and facilitates monitoring information aggregation.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Prerequisites
                                                                                                                                                                                                        • The target cluster has been created.
                                                                                                                                                                                                        • Prometheus has been properly connected to the target cluster.
                                                                                                                                                                                                        • Prometheus has been installed on a Linux host using a binary file. For details, see Installation.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -72,13 +72,13 @@ subjects:
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Obtain the serviceaccount information.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubectl describe sa prometheus-test -n kube-system
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubectl describe secret prometheus-test-token-hdhkg -n kube-system
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Record the token value, which is the bearer_token information to be collected.
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                    37. Configure bearer_token information.
                                                                                                                                                                                                      Log in to the host where Prometheus is located, go to the Prometheus installation directory, and save the token information of the target cluster in a file.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    38. Configure a Prometheus monitoring job.
                                                                                                                                                                                                      The example job monitors container metrics. To monitor other metrics, you can add jobs and compile capture rules.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                        - job_name: k8s_cAdvisor
     scheme: https
@@ -130,8 +130,8 @@ subjects:
       replacement: xxxx    ## (Optional) Enter the cluster information.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    39. Enable Prometheus.
                                                                                                                                                                                                      After the configuration, enable Prometheus.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      ./prometheus --config.file=prometheus.yml
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    40. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    41. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      42. 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10010.html b/docs/cce/umn/cce_bestpractice_10010.html
index c3868c3af..db977f724 100644
--- a/docs/cce/umn/cce_bestpractice_10010.html
+++ b/docs/cce/umn/cce_bestpractice_10010.html
@@ -16,7 +16,7 @@
 
-
@@ -26,7 +26,7 @@
 
-
@@ -37,7 +37,7 @@
 
-
@@ -47,7 +47,7 @@
 
-
@@ -100,7 +100,7 @@
 
                                                                                                                                                                                                       
                                                                                                                                                                                                      Pods using HostNetwork are excluded.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Cluster-level Global Configuration
                                                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                                                      2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                                                      3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                                                      4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cluster-level Global Configuration
                                                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                                                      2. Click  next to the target cluster and choose Manage.
                                                                                                                                                                                                      3. In the window that slides out from the right, click Networking Components. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                                                      4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Custom Settings at the Node Pool Level
                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                      2. Click the cluster name to access the cluster console, choose Nodes in the navigation pane, and click the Node Pools tab.
                                                                                                                                                                                                      3. Locate the row containing the target node pool and click Manage.
                                                                                                                                                                                                      4. In the window that slides out from the right, click Networking Components and enable node pool container ENI pre-binding. For details about the parameter configurations, see Configuration Example.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      5. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10012.html b/docs/cce/umn/cce_bestpractice_10012.html
index 278d06326..92d1623df 100644
--- a/docs/cce/umn/cce_bestpractice_10012.html
+++ b/docs/cce/umn/cce_bestpractice_10012.html
@@ -24,9 +24,9 @@
 
                                                                                                                                                                                                      Assume that the node uses the OverlayFS and the data disk attached to this node is 20 GiB. According to the preceding methods, the capacity for storing container engines and images occupies 90% of the data disk capacity, and the capacity for the dockersys volume is 18 GiB (20 GiB x 90%). Additionally, mandatory add-ons may occupy about 2 GiB storage capacity during cluster creation. If you deploy a .tar package of 10 GiB, the package decompression takes 20 GiB of the dockersys volume's storage capacity. This, coupled with the storage capacity occupied by mandatory add-ons, exceeds the remaining capacity of the dockersys volume. As a result, the image pull may fail.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Device Mapper
                                                                                                                                                                                                      By default, the capacity for storing container engines and container images of a node using the Device Mapper storage driver occupies 90% of the data disk capacity (you are advised to retain this value). The occupied capacity includes the dockersys volume and thinpool volume. The calculation methods are as follows:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Capacity for storing container engines and container images requires 90% of the data disk capacity by default.
                                                                                                                                                                                                        • Capacity for the dockersys volume (in the /var/lib/docker directory) requires 20% of the capacity for storing container engines and container images.
                                                                                                                                                                                                        • Capacity forthe thinpool volume requires 80% of the container engine and container image storage capacity.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Capacity for storing container engines and container images requires 90% of the data disk capacity by default.
                                                                                                                                                                                                          • Capacity for the dockersys volume (in the /var/lib/docker directory) requires 20% of the capacity for storing container engines and container images.
                                                                                                                                                                                                          • Capacity for the thinpool volume requires 80% of the container engine and container image storage capacity.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Capacity for storing temporary kubelet and emptyDir requires 10% of the data disk capacity.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        On a node using the Device Mapper storage driver, when an image is pulled, the .tar package is temporarily stored in the dockersys volume. After the .tar package is decompressed, the image file is stored in the thinpool volume, and the package in the dockersys volume will be deleted. Therefore, during image pull, ensure that the storage capacity of the dockersys volume and thinpool volume are sufficient, and note that the former is smaller than the latter. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        On a node using the Device Mapper storage driver, when an image is pulled, the .tar package is temporarily stored in the dockersys volume. After the .tar package is decompressed, the image file is stored in the thinpool volume, and the package in the dockersys volume will be deleted. Therefore, during image pull, ensure that the dockersys partition space and thinpool space are sufficient, and note that the former is smaller than the latter. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        When selecting a data disk, consider the following formulas:
                                                                                                                                                                                                        • Capacity for dockersys volume > Temporary storage capacity of the .tar package (approximately equal to the actual total image storage capacity) + Number of containers x Storage capacity of a single container (about 1 GiB log storage capacity must be reserved for each container)
                                                                                                                                                                                                        • Capacity for thinpool volume > Actual total image storage capacity + Total add-on image storage capacity (about 2 GiB)
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                                                        
@@ -51,26 +51,33 @@
 
                                                                                                                                                                                                        Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                          # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                          
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                        2. Expand the disk capacity.
                                                                                                                                                                                                          Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                            pvresize /dev/vdb
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                              pvresize /dev/sdb
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                              Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                              lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                              Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                              resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                              
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Check whether the capacity is expanded.
                                                                                                                                                                                                            # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                            # lsblk
@@ -95,7 +102,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                        4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                          # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                          
@@ -103,13 +123,26 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                        2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                          lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                          Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                          resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                          
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                        4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                          # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10016.html b/docs/cce/umn/cce_bestpractice_10016.html
index 5778d6a57..b4e61acc8 100644
--- a/docs/cce/umn/cce_bestpractice_10016.html
+++ b/docs/cce/umn/cce_bestpractice_10016.html
@@ -4,64 +4,64 @@
 
                                                                                                                                                                                                      When you use CCE to create a Kubernetes cluster, there are multiple configuration options and terms. This section compares the key configurations for CCE clusters and provides recommendations to help you create a cluster that better suits your needs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Cluster Types
                                                                                                                                                                                                      CCE supports CCE Turbo clusters and CCE standard clusters to meet your requirements. This section describes the differences between these two types of clusters.
                                                                                                                                                                                                      
 
-
                                                                                                                                                                                                      Table 2 Parameters
                                                                                                                                                                                                      Volume Type
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parameter
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Mandatory
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Mandatory
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
                                                                                                                                                                                                       
 
                                                                                                                                                                                                      EVS
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Driver type. If an EVS disk is used, the parameter value is fixed at disk.csi.everest.io.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If an EVS disk is used, the parameter value can be ext4 or xfs.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The restrictions on using xfs are as follows:
                                                                                                                                                                                                      • The nodes must run CentOS 7 or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                                                                                      • Only common containers are supported.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The restrictions on using xfs are as follows:
                                                                                                                                                                                                      • The nodes must run CentOS 7, HCE OS 2.0, or Ubuntu 22.04, and the Everest version in the cluster must be 2.3.2 or later.
                                                                                                                                                                                                      • Only common containers are supported.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      		
 
                                                                                                                                                                                                      SFS
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Driver type. If SFS is used, the parameter value is fixed at nas.csi.everest.io.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The parameter value is fixed at false, indicating that the file is shared to private.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      You do not need to configure this parameter when SFS 3.0 is used.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When you use SFS 3.0, there is no need to configure this parameter.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      everest.io/sfs-version
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      No
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      This parameter is mandatory only when SFS 3.0 is used. The value is fixed at sfs3.0.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      This parameter is only required for SFS 3.0 and its value is fixed at sfs3.0.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      SFS Turbo
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Driver type. If SFS Turbo is used, the parameter value is fixed at sfsturbo.csi.everest.io.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      No
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      SFS Turbo storage class. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      SFS Turbo StorageClass. The default value is STANDARD, indicating standard and standard enhanced editions. This parameter does not take effect.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      OBS
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      csi.storage.k8s.io/csi-driver-name
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Driver type. If OBS is used, the parameter value is fixed at obs.csi.everest.io.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      OBS storage class.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      OBS StorageClass.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                                                                                      • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
 
 
                                                                                                                                                                                                      EVS with delayed binding
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      csi-nas
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      csi-sfs
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      SFS
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      nic-minimum-target
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Minimum Number of Container ENIs Bound to a Node
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      10
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Configure these parameters based on the number of pods.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      nic-maximum-target
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Upper Limit of Pre-bound Container ENIs
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      0
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Configure these parameters based on the number of pods.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      nic-warm-target
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Container ENIs Dynamically Pre-bound to a Node
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      2
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Set this parameter to the number of pods that can be scaled out instantaneously within 10 seconds.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      nic-max-above-warm-target
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Threshold for Unbinding Pre-bound Container ENIs
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      2
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
                                                                                                                                                                                                      Table 1 Cluster types
                                                                                                                                                                                                      Category
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_bestpractice_10017.html b/docs/cce/umn/cce_bestpractice_10017.html
index 3926882f2..6e0ea15ce 100644
--- a/docs/cce/umn/cce_bestpractice_10017.html
+++ b/docs/cce/umn/cce_bestpractice_10017.html
@@ -41,7 +41,7 @@
 
-
                                                                                                                                                                                                      Selecting a Network Model
                                                                                                                                                                                                      • Network model: CCE supports VPC network, Cloud Native 2.0 network, and container tunnel network models for your clusters. Different models have different performance and functions. For details, see Network Models.
                                                                                                                                                                                                      • VPC network: To enable your applications to access other cloud services like RDS, create related services in the same VPC network as your cluster which runs these applications. This is because services using different VPC networks are isolated from each other. If you have created instances, use VPC peering to enable communication between VPCs.
                                                                                                                                                                                                      • Container CIDR block: Do not configure a small container CIDR block. Otherwise, the number of supported nodes will be limited.
                                                                                                                                                                                                        • For a cluster using a VPC network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses available. If the maximum number of pods reserved on each node is 128, the maximum number of nodes supported is 512.
                                                                                                                                                                                                        • For a cluster using a container tunnel network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses assigned to your cluster. The container CIDR block allocates 16 IP addresses to the nodes at a time by default. The maximum number of nodes supported by your cluster is 4096 (65536/16=4096).
                                                                                                                                                                                                        • For a cluster using the Cloud Native Network 2.0, the container CIDR block is the VPC subnet, and the number of containers can be created depends on the size of the selected subnet.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Selecting a Network Model
                                                                                                                                                                                                        • Network model: CCE supports VPC network, Cloud Native 2.0 network, and container tunnel network models for your clusters. Different models have different performance and functions. For details, see Network Models.
                                                                                                                                                                                                        • VPC network: To enable your applications to access other cloud services like RDS, create related services in the same VPC network as your cluster which runs these applications. This is because services using different VPC networks are isolated from each other. If you have created instances, use VPC peering connections to enable communications between VPCs.
                                                                                                                                                                                                        • Container CIDR block: Do not configure a small container CIDR block. Otherwise, the number of supported nodes will be limited.
                                                                                                                                                                                                          • For a cluster using a VPC network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses available. If the maximum number of pods reserved on each node is 128, the maximum number of nodes supported is 512.
                                                                                                                                                                                                          • For a cluster using a container tunnel network, if the subnet mask of the container CIDR block is /16, there are 256 x 256 IP addresses assigned to your cluster. The container CIDR block allocates 16 IP addresses to the nodes at a time by default. The maximum number of nodes supported by your cluster is 4096 (65536/16=4096).
                                                                                                                                                                                                          • For a cluster using a Cloud Native 2.0 network, the container CIDR block is the VPC subnet, and the number of containers can be created depends on the size of the selected subnet.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        • Service CIDR block: The service CIDR block determines the upper limit of Service resources in your cluster. Evaluate your actual needs and then configure the CIDR block. A created CIDR block cannot be modified. Do not configure an excessively small one.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        For details, see Planning CIDR Blocks for a Cluster.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -55,7 +55,7 @@
 
                                                                                                                                                                                                        Partitioning Data Disks Attached to a Node
                                                                                                                                                                                                        By default, the first data disk of a worker node is for storing the container runtime and kubelet components. The remaining capacity of this data disk affects image download and container startup and running. For details, see Data Disk Space Allocation.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The default space of this date disk is 100 GiB. You can adjust the space as required. Images, system logs, and application logs are stored on data disks. Therefore, you need to evaluate the number of pods to be deployed on each node, the size of logs, images, and temporary data of each pod, as well as some reserved space for the system. For details, see Selecting a Data Disk for the Node.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Running npd
                                                                                                                                                                                                        A failure in a worker node may affect the availability of the applications. npd is used to monitor node exceptions. It helps you detect and handle latent exceptions in a timely manner. You can also customize the check items, including target node, check period, and triggering threshold. For details, see Node Fault Detection Policy.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Running npd
                                                                                                                                                                                                        A failure in a worker node may affect the availability of the applications. CCE Node Problem Detector is used to monitor node exceptions. It helps you detect and handle latent exceptions in a timely manner. You can also customize the check items, including target node, check period, and triggering threshold. For details, see Configuring Node Fault Detection Policies.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Configuring the DNS Cache
                                                                                                                                                                                                        When the number of DNS requests in a cluster increases, the load of CoreDNS increases and the following issues may occur:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • Increased delay: CoreDNS needs to process more requests, which may slow down the DNS query and affect service performance.
                                                                                                                                                                                                        • Increased resource usage: To ensure DNS performance, CoreDNS requires higher specifications.
                                                                                                                                                                                                        
@@ -72,7 +72,7 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Configuring Resource Quotas for a Workload
                                                                                                                                                                                                        Configure and adjust resource requests and limits for all workloads.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        If too many pods are scheduled to one node, the node will be overloaded and unable to provide services.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        To avoid this problem, when deploying a pod, specify the request and limit resources required by the pod. Kubernetes then selects a node with sufficient idle resources for this pod. In the following example, the Nginx pod requires 1-core CPU and 1024 MiB memory. The actual usage cannot exceed 2-core CPU and 4096 MiB memory.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        To avoid this problem, when deploying a pod, specify the resource request and limit required by the pod. Kubernetes then selects a node with enough idle resources for this pod. In the following example, the Nginx pod requires 1-core CPU and 1024 MiB memory. The actual usage cannot exceed 2-core CPU and 4096 MiB memory.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Kubernetes statically schedules resources. The remaining resources on each node are calculated as follows: Remaining resources on a node = Total resources on the node – Allocated resources (not resources in use). If you manually run a resource-consuming process, Kubernetes cannot detect it.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Additionally, the resource usage must be claimed for all pods. For a pod that does not claim the resource usage, after it is scheduled to a node, Kubernetes does not deduct the resources used by this pod from the node on which it is running. Other pods may still be scheduled to this node.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
@@ -130,7 +130,7 @@ spec:
 
 
                                                                                                                                                                                                      
-
@@ -148,7 +148,7 @@ spec:
 
-
diff --git a/docs/cce/umn/cce_bestpractice_10020.html b/docs/cce/umn/cce_bestpractice_10020.html
index 21109abc5..84c9fdd9a 100644
--- a/docs/cce/umn/cce_bestpractice_10020.html
+++ b/docs/cce/umn/cce_bestpractice_10020.html
@@ -9,7 +9,7 @@
 
                                                                                                                                                                                                      • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                                                      • After the node is available, manually restart it.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                                                      2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                                                      3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Procedure
                                                                                                                                                                                                        1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                                                        2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                                                        3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                                                          
 
                                                                                                                                                                                                           
                                                                                                                                                                                                          The command example here is for reference only.
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_10020_0.html b/docs/cce/umn/cce_bestpractice_10020_0.html
new file mode 100644
index 000000000..922f473ca
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10020_0.html
@@ -0,0 +1,25 @@
+
+
+
                                                                                                                                                                                                          Executing the Pre- or Post-installation Commands During Node Creation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Background
                                                                                                                                                                                                          When creating a node, use the pre- or -installation commands to install tools or perform security hardening on the node. This section provides guidance for you to correctly use the pre- or post-installation scripts. 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Precautions
                                                                                                                                                                                                          • Do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                                                            The pre-installation script has a 15-minute time limit, while the post-installation script has a 30-minute time limit. If the node is not available within the designated time, the node reclaim process will be initiated. Therefore, do not use pre- or post-installation scripts that take a long time to execute.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Do not directly use reboot in the script.
                                                                                                                                                                                                            CCE executes the post-installation command after installing mandatory components on a node. The node will be available only after the post-installation command is executed. If you run reboot directly, the node may be restarted before its status is reported. As a result, it cannot reach the running state within 30 minutes, and a rollback due to timeout will be triggered. Therefore, do not use reboot.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If you need to restart a node, perform the following operations:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • Run shutdown -r <time > in the script to delay the restart. For example, you can run shutdown -r 1 to delay the restart for 1 minute.
                                                                                                                                                                                                            • After the node is available, manually restart it.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access the cluster console.
                                                                                                                                                                                                          2. Choose Nodes in the navigation pane, click the Nodes tab, click Create Node in the right corner, and configure the parameters.
                                                                                                                                                                                                          3. In the Advanced Settings area, enter pre- or post-installation commands.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            For example, you can create iptables rules by running a post-installation command to allow a maximum of 25 TCP data packets to be addressed to port 80 per minute and allow a maximum of 100 data packets to be addressed to the port when the limit is exceeded to prevent DDoS attacks.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
                                                                                                                                                                                                            
+
                                                                                                                                                                                                             
                                                                                                                                                                                                            The command example here is for reference only.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          4. After the configuration, enter the number of nodes to be created and click Next: Confirm.
                                                                                                                                                                                                          5. Click Submit.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Node O&M
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_bestpractice_10024.html b/docs/cce/umn/cce_bestpractice_10024.html
index b4086d124..c516390ef 100644
--- a/docs/cce/umn/cce_bestpractice_10024.html
+++ b/docs/cce/umn/cce_bestpractice_10024.html
@@ -14,16 +14,53 @@
 
                                                                                                                                                                                                          When the client sends a LIST request, it may need to be processed by multiple control plane components, resulting in a larger amount of data to be processed and a more complex data type. As a result, when the client gets a large amount of data, resource usages on etcd and API server remain high. If the bearing capability is exceeded, the cluster becomes overloaded.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4. 
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        CCE Overload Control
                                                                                                                                                                                                        • Overload control: CCE clusters have supported overload control since v1.23, which reduces the number of LIST requests outside the system when the control plane experiences high resource usage pressure. To use this function, enable overload control for your clusters. For details, see Cluster Overload Control.
                                                                                                                                                                                                        • Optimized processes on LIST requests: Starting from CCE clusters of v1.23.8-r0 and v1.25.3-r0, processes on LIST requests have been optimized. Even if a client does not specify the resourceVersion parameter, kube-apiserver responds to requests based on its cache to avoid additional etcd queries and ensure that the response data is up to date. Additionally, namespace indexes are now added to the kube-apiserver cache. This means that when a client requests a specified resource in a specified namespace, it no longer needs to obtain resources belonging to the namespace based on full data. This effectively reduces the response delay and control plane memory overhead.
                                                                                                                                                                                                        • Refined traffic limiting policy on the server: The API Priority and Fairness (APF) feature is used to implement fine-grained control on concurrent requests. For details, see API Priority and Fairness.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE Overload Control
                                                                                                                                                                                                        • Overload control: CCE clusters have supported overload control since v1.23, which reduces the number of LIST requests outside the system when the control plane experiences high resource usage pressure. To use this function, enable overload control for your clusters. For details, see Enabling Overload Control for a Cluster.
                                                                                                                                                                                                        • Optimized processes on LIST requests: Starting from CCE clusters of v1.23.8-r0 and v1.25.3-r0, processes on LIST requests have been optimized. Even if a client does not specify the resourceVersion parameter, kube-apiserver responds to requests based on its cache to avoid additional etcd queries and ensure that the response data is up to date. Additionally, namespace indexes are now added to the kube-apiserver cache. This means that when a client requests a specified resource in a specified namespace, it no longer needs to obtain resources belonging to the namespace based on full data. This effectively reduces the response delay and control plane memory overhead.
                                                                                                                                                                                                        • Refined traffic limiting policy on the server: The API Priority and Fairness (APF) feature is used to implement fine-grained control on concurrent requests. For details, see API Priority and Fairness.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Suggestions
                                                                                                                                                                                                        This section describes measures and suggestions you can take to prevent clusters from being overloaded.
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                      Table 1 Cluster types
                                                                                                                                                                                                      Category
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Subcategory
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Subcategory
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      CCE Turbo Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      CCE Turbo Cluster
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      CCE Standard Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      CCE Standard Cluster
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cluster
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Positioning
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Positioning
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Standard cluster for common commercial use
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Standard cluster for common commercial use
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Node type
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Node type
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Deployment of VMs
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Deployment of VMs
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Deployment of VMs and bare-metal servers
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Deployment of VMs and bare-metal servers
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Networking
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Networking
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Model
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Model
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Max networking scale: 2,000 nodes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Max networking scale: 2,000 nodes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • Tunnel network model
                                                                                                                                                                                                      • VPC network model
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Tunnel network model
                                                                                                                                                                                                      • VPC network model
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Performance
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Performance
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Container network isolation
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Container network isolation
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                                                      • VPC network model: supports no isolation.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                                                      • VPC network model: supports no isolation.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Security
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Security
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Isolation
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Isolation
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • VM: runs common containers, isolated by cgroups.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Runs common containers, isolated by cgroups.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Runs common containers, isolated by cgroups.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
                                                                                                                                                                                                       
 
 
                                                                                                                                                                                                      Add-on pods will have labels with the key topology.kubernetes.io/zone for soft anti-affinity deployment, and the anti-affinity type is preferredDuringSchedulingIgnoredDuringExecution.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Add-on pods will be preferentially scheduled to nodes in different AZs. If resources in some AZs are insufficient, some add-on pods may be scheduled to the same AZ which has sufficient resources.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Add-on pods will be preferentially scheduled to nodes in different AZs. If resources in some AZs are insufficient, some add-on pods may be scheduled to the same AZ which has enough resources.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      No mandatory requirements for multi-AZ DR
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Add-on pods will have labels with the key topology.kubernetes.io/zone for configuring topology spread constraints. The pod difference between different topology domains cannot exceed 1 for add-on pods to be evenly distributed in different AZs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The effect of this mode is between that of the preferred mode and that of the required mode. In the equivalent mode, add-on pods can be deployed in different AZs. Additionally, multiple pods can be deployed in a single AZ when there are more pods than AZs. To use this mode, you need to plan node resources in each AZ in advance to ensure that each AZ has sufficient node resources for deploying pods. (If there are more than 1 add-on pods in a single AZ, the nodes to which the add-on pods can be scheduled in each AZ should be one more than the actual add-on pods in the current AZ.) This ensures successful deployment of add-on pods although node resources in some AZ are insufficient and smooth scheduling of add-on pods during update.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The effect of this mode is between that of the preferred mode and that of the required mode. In the equivalent mode, add-on pods can be deployed in different AZs. Additionally, multiple pods can be deployed in a single AZ when there are more pods than AZs. To use this mode, you need to plan node resources in each AZ in advance to ensure that each AZ has enough node resources for deploying pods. (If there are more than one add-on pods in a single AZ, the nodes to which the add-on pods can be scheduled in each AZ should be one more than the actual add-on pods in the current AZ.) This ensures successful deployment of add-on pods although node resources in some AZ are insufficient and smooth scheduling of add-on pods during update.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Scenarios have high requirements for DR
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Category
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Reference
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Upgrading the Cluster Version
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Enabling Overload Control
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Changing the Cluster Scale
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Splitting the Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      O&M
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Enabling Observability
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Clearing Unused Resources
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Optimizing the Client Access Mode
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Upgrading the Cluster Version
                                                                                                                                                                                                      As the CCE cluster version evolves, new overload protection features and optimizations are regularly introduced. It is recommended that you promptly upgrade your clusters to the latest version. For details, see Upgrading a Cluster.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Upgrading the Cluster Version
                                                                                                                                                                                                      As the CCE cluster version evolves, new overload protection features and optimizations are regularly introduced. It is recommended that you promptly upgrade your clusters to the latest version. For details, see Upgrading a Cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Enabling Overload Control
                                                                                                                                                                                                      After overload control is enabled, concurrent LIST requests outside the system will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Enabling Overload Control
                                                                                                                                                                                                      After overload control is enabled, concurrent LIST requests outside the system will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      For details, see Cluster Overload Control.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Enabling Observability
                                                                                                                                                                                                      Observability is crucial for maintaining the reliability and stability of clusters. By using monitoring, alarms, and logs, administrators can gain a better understanding of the clusters' performance, promptly identify any issues, and take corrective action in a timely manner.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Enabling Observability
                                                                                                                                                                                                      Observability is crucial for maintaining the reliability and stability of clusters. By using monitoring, alarms, and logs, administrators can gain a better understanding of the clusters' performance, promptly identify any issues, and take corrective action in a timely manner.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Monitoring configurations
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • You can check the monitoring information about master nodes on the Overview page of the CCE cluster console.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -67,9 +104,9 @@
 
                                                                                                                                                                                                      
 
 
-
                                                                                                                                                                                                      Clearing Up Unused Resources
                                                                                                                                                                                                      To prevent a large number of pending pods from consuming extra resources on the control plane, it is recommended that you promptly clear up Kubernetes resources that are no longer in use, such as ConfigMaps, Secrets, and PVCs.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Clearing Unused Resources
                                                                                                                                                                                                      To prevent a large number of pending pods from consuming extra resources on the control plane, it is recommended that you promptly clear up Kubernetes resources that are no longer in use, such as ConfigMaps, Secrets, and PVCs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Optimizing the Client Access Mode
                                                                                                                                                                                                      • To avoid frequent LIST queries, it is best to use the client cache mechanism when retrieving cluster resource data multiple times. It is recommended that you communicate with clusters using informers and listers. For details, see client-go documentation.
                                                                                                                                                                                                        If a LIST query must be used, you can:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Optimizing the Client Access Mode
                                                                                                                                                                                                        • To avoid frequent LIST queries, it is best to use the client cache mechanism when retrieving cluster resource data multiple times. It is recommended that you communicate with clusters using informers and listers. For details, see client-go documentation.
                                                                                                                                                                                                          If a LIST query must be used, you can:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Obtain needed data from the kube-apiserver cache first and avoid making additional queries on etcd data. For clusters earlier than v1.23.8-r0 and v1.25.3-r0, you can set resourceVersion to 0. In clusters of v1.23.8-r0, v1.25.3-r0, and later versions, CCE has improved the way data is retrieved and ensured that the cached data is up to date. By default, you can access the required data from the cache.
                                                                                                                                                                                                          • Accurately define the query scope to avoid retrieving irrelevant data and using unnecessary resources. For example:
                                                                                                                                                                                                            # client-go Code example for obtaining pods in a specified namespace
 k8sClient.CoreV1().Pods("<your-namespace>").List(metav1.ListOptions{})
 # kubectl Command example for obtaining pods in a specified namespace
@@ -78,11 +115,11 @@ kubectl get pods -n 
                                                                                                                                                                                                          • Use the more efficient Protobuf format instead of the JSON format. By default, Kubernetes returns objects serialized to JSON with content type application/json. This is the default serialization format for the API. However, clients may request the more efficient Protobuf representation of these objects for better performance. For details, see Alternate representations of resources.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Changing the Cluster Scale
                                                                                                                                                                                                        If the resource usage on the master nodes in a cluster remains high for a long time, for example, the memory usage is greater than 85%, it is recommended that you promptly increase the cluster management scale. This will prevent the cluster from becoming overloaded during sudden traffic surges. For details, see Changing Cluster Scale.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Changing the Cluster Scale
                                                                                                                                                                                                        If the resource usage on the master nodes in a cluster remains high for a long time, for example, the memory usage is greater than 85%, it is recommended that you promptly increase the cluster management scale. This will prevent the cluster from becoming overloaded during sudden traffic surges. For details, see Changing Cluster Scale.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        • The performance of the master nodes improves and their specifications become higher as the management scale of a cluster increases.
                                                                                                                                                                                                        • The CCE cluster management scale is the maximum number of nodes that a cluster can manage. It is used as a reference during service deployment planning, and the actual quantity of nodes in use may not reach the maximum number of nodes selected. The actual scale depends on various factors, including the type, quantity, and size of resource objects in the cluster, as well as the number of external accesses to the cluster control plane.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Splitting the Cluster
                                                                                                                                                                                                        The Kubernetes architecture has a performance bottleneck, meaning that the scale of a single cluster cannot be expanded indefinitely. If your cluster has 2,000 worker nodes, it is necessary to split the services and deploy them across multiple clusters. If you encounter any issues with splitting a cluster, submit a service ticket for technical support.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Splitting the Cluster
                                                                                                                                                                                                        The Kubernetes architecture has a performance bottleneck, meaning that the scale of a single cluster cannot be expanded indefinitely. If your cluster has 2,000 worker nodes, it is necessary to split the services and deploy them across multiple clusters. If you encounter any issues with splitting a cluster, submit a service ticket for technical support.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Summary
                                                                                                                                                                                                        When running services on Kubernetes clusters, their performance and availability are influenced by various factors, including the cluster scale, number and size of resources, and resource access. CCE has optimized cluster performance and availability based on cloud native practices and has developed measures to protect against cluster overload. You can use these measures to ensure that your services run stably and reliably over the long term.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bestpractice_10027.html b/docs/cce/umn/cce_bestpractice_10027.html
index 618a38510..a91daad1b 100644
--- a/docs/cce/umn/cce_bestpractice_10027.html
+++ b/docs/cce/umn/cce_bestpractice_10027.html
@@ -13,7 +13,7 @@
 
                                                                                                                                                                                                        The following sections describe how to further improve the add-on SLA.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Increasing the Number of Pods
                                                                                                                                                                                                        You can adjust the number of CoreDNS pods ensure high performance and HA.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                                                                                                                                                                                        2. Increase the number of pods.
                                                                                                                                                                                                        3. Click OK.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate CoreDNS on the right, and click Edit.
                                                                                                                                                                                                        2. Increase the number of replicas.
                                                                                                                                                                                                        3. Click OK.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Deploying the Add-on Pods on Dedicated Nodes
                                                                                                                                                                                                        You can adjust the node affinity policy of CoreDNS and make the CoreDNS pods run on dedicated nodes. This can prevent the CoreDNS resources from being preempted by service applications.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        A custom policy is used as an example.
                                                                                                                                                                                                        
@@ -27,7 +27,7 @@
 
                                                                                                                                                                                                        Deploying the Add-on in Multiple AZs
                                                                                                                                                                                                        By default, the add-on scheduling policy can handle single-node faults. However, if your services require a higher SLA, you can create nodes with different AZ specifications on the node pool page and set the multi-AZ deployment mode of the add-on to the required mode.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. Create nodes in different AZs.
                                                                                                                                                                                                          To create nodes in different AZs, you can simply repeat these steps. Alternatively, you can create multiple node pools, associate them with different AZ specifications, and increase the number of nodes in each pool to achieve the same result.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. In the navigation pane, choose Nodes, click the Nodes tab, and click Create Node in the upper right corner.
                                                                                                                                                                                                          2. On the page displayed, select an AZ for the node.
                                                                                                                                                                                                          3. Configure other mandatory parameters following instructions to complete the creation.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        3. In the navigation tree, choose Add-ons. In the right pane, locate CoreDNS and click Edit.
                                                                                                                                                                                                        4. In the window that slides out from the right, set Multi AZ to Required and click Install.
                                                                                                                                                                                                        5. Choose Workload, click the Deployments tab, and view the CoreDNS pods. Select the kube-system namespace to view the pod distribution of the add-on.
                                                                                                                                                                                                        6. View that the Deployment pods of the add-on has been allocated to nodes in two AZs.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • In the navigation pane, choose Add-ons. In the right pane, locate CoreDNS and click Edit.
                                                                                                                                                                                                      • In the window that slides out from the right, set Multi AZ to Required and click Install.
                                                                                                                                                                                                      • Choose Workload, click the Deployments tab, and view the CoreDNS pods. Select the kube-system namespace to view the pod distribution of the add-on.
                                                                                                                                                                                                      • View that the Deployment pods of the add-on has been allocated to nodes in two AZs.
                                                                                                                                                                                                        • 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_10041.html b/docs/cce/umn/cce_bestpractice_10041.html
index f544366a2..0390b38c7 100644
--- a/docs/cce/umn/cce_bestpractice_10041.html
+++ b/docs/cce/umn/cce_bestpractice_10041.html
@@ -1,28 +1,29 @@
 
 
-
                                                                                                                                                                                                      Retaining the Original IP Address of a Pod
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      SNAT Overview
                                                                                                                                                                                                      In a CCE cluster that uses a VPC network, to enable pods to communicate with external systems, the system automatically translates the source IP addresses of the pods into the IP addresses of the nodes that are running them. This allows pods to communicate with external systems using the node IP addresses. This process is known as pod IP address masquerading or Source Network Address Translation (SNAT).
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Accessing an IP Address Outside a Cluster That Uses a VPC Network Using Source Pod IP Addresses in the Cluster
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In a CCE cluster that uses a VPC network, when pods try to communicate with external systems, CCE automatically translates the source IP addresses of the pods into the IP addresses of the nodes that are running them. This allows pods to communicate with external systems using the node IP addresses. This process is known as pod IP address masquerading or Source Network Address Translation (SNAT).
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      You are allowed to configure private CIDR blocks for your clusters using the nonMasqueradeCIDRs parameter. If a pod tries to access a private CIDR block, the source node will not perform NAT on the pod IP address. Instead, the VPC route table can directly send the pod data packet to the destination, which means, the pod IP address is directly used to communicate with the private CIDR block in the cluster. 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Pod IP address translation
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Prerequisites
                                                                                                                                                                                                      You have a cluster that uses the VPC network and whose version is v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, or later.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Default Non-Masqueraded CIDR Block Settings in a CCE Cluster
                                                                                                                                                                                                      By default, CCE uses the following well-known private CIDR blocks as non-masqueraded CIDR blocks in each cluster:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • 10.0.0.0/8
                                                                                                                                                                                                      • 172.16.0.0/12
                                                                                                                                                                                                      • 192.168.0.0/16
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • 10.0.0.0/8
                                                                                                                                                                                                      • 172.16.0.0/12
                                                                                                                                                                                                      • 192.168.0.0/16
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Additionally, in a CCE cluster that uses a secondary VPC CIDR block, adding or resetting a node will automatically include the secondary CIDR block in the non-masqueraded CIDR blocks.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      This means that when a pod initiates communication from these CIDR blocks with external resources, its source IP address of the data packet remains unchanged, and it will not be replaced with the IP address of the node running the pod.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      This means that when a pod communicates with external resources and accesses these CIDR blocks, the source IP address of the data packet remains unchanged and is not translated into the node IP address.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Scenarios Where the Default Non-Masqueraded CIDR Blocks Does Not Fit
                                                                                                                                                                                                      The default non-masqueraded CIDR block settings in CCE clusters apply to typical scenarios, but in certain specific scenarios, these default settings may not be sufficient to meet user requirements. The following shows typical examples:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Scenarios Where the Default Non-Masqueraded CIDR Blocks Do Not Fit
                                                                                                                                                                                                      The default non-masqueraded CIDR block settings in CCE clusters apply to typical scenarios, but in certain specific scenarios, these default settings may not be sufficient to meet user requirements. The following shows typical examples:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Cross-node access to pods in a cluster
                                                                                                                                                                                                        When a node in a Kubernetes cluster needs to access a pod on another node, the response data packet sent from the pod is automatically subject to SNAT. This changes the source IP address from the pod IP address to the IP address of the node that runs the pod. However, this automatic IP address translation can sometimes lead to communication issues, making cross-node access impossible.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        To enable a node to access pods on other nodes, you can add the CIDR block of the subnet where the node is located to the nonMasqueradeCIDRs parameter. This will skip SNAT and allow the original IP addresses of pods on these nodes to be retained.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Access from other resources in the same VPC as a cluster to pods in the cluster
                                                                                                                                                                                                        In certain scenarios, it may be necessary to access the original IP addresses of pods on different nodes in a CCE cluster directly from other resources (such as ECSs) in the same VPC as the cluster. However, with SNAT enabled by default, the source IP addresses of the data packets are replaced with the IP addresses of the nodes that run these pods when the data packets pass through the nodes. This makes it difficult for these resources to access pods directly.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        To enable direct access from resources in the same VPC as the cluster to pods, you can add the CIDR blocks of the subnets where these resources are located to the nonMasqueradeCIDRs parameter. This will skip SNAT and ensure that the source IP addresses of the data packets remain the same as the original IP addresses of pods.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Precautions
                                                                                                                                                                                                      If you have set up a security group or ACL for a cloud service that only allows access from IP addresses of nodes running pods, there is no need to perform pod IP address masquerading and configure the nonMasqueradeCIDRs parameter.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Precautions
                                                                                                                                                                                                      If a security group or ACL is configured for a cloud service and only the IP address of the node where the pod runs is allowed to access the service, SNAT is required to translate the pod IP address into the node IP address for successful access. As a result, the CIDR block of the subnet where the server is located cannot be added to the nonMasqueradeCIDRs configuration.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The default setting of pod IP address masquerading (SNAT) is usually sufficient. However, if you need to retain the original IP addresses of pods in specific scenarios, you can configure the nonMasqueradeCIDRs parameter.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Before doing so, make sure you have evaluated your application scenario and understood the potential risks of improper configuration, because it may block access within clusters. If you are unsure whether to configure this parameter, it is recommended that you keep the default settings and adjust the configuration later once the requirement is clarified.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Procedure
                                                                                                                                                                                                      To reserve the source IP address of a pod when the pod accesses a CIDR block, you can configure nonMasqueradeCIDRs to specify the CIDR block that does not need to be masqueraded.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console and click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                      2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                      3. Modify the parameters under Retain the non-spoofed CIDR block of the original pod IP address. Make sure the parameter configuration complies with the following rules:
                                                                                                                                                                                                        • Each CIDR block must comply with the CIDR format and must be a valid IPv4 CIDR block.
                                                                                                                                                                                                          Example of a correct CIDR block: 192.168.1.0/24
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the CCE console and click the name of the target cluster to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                          3. Modify the range of the CIDR block for non-masquerading access to preserve the source pod IP address when accessing a specified CIDR block. Make sure the parameter configuration complies with the following rules:
                                                                                                                                                                                                            • Each CIDR block must comply with the CIDR format and must be a valid IPv4 CIDR block.
                                                                                                                                                                                                              Example of a correct CIDR block: 192.168.1.0/24
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Example of an incorrect CIDR block: 192.168.1.1/24 (incompliant with the CIDR format)
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • The CIDR blocks you configured do not overlap with each other.
                                                                                                                                                                                                              Example of correct CIDR blocks: 192.168.1.0/24 and 192.168.2.0/24
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Example of incorrect CIDR blocks: 192.168.1.0/24 and 192.168.1.128/25 (The two CIDR blocks overlap.)
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_10046.html b/docs/cce/umn/cce_bestpractice_10046.html
new file mode 100644
index 000000000..8db04ed08
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10046.html
@@ -0,0 +1,45 @@
+
+
+
                                                                                                                                                                                                              Configuration Suggestions on CCE Container Runtime Security
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Container technology uses Linux namespaces and cgroups to isolate and control resources between containers and nodes. Namespaces provide kernel-level isolation, allowing processes to be restricted from accessing specific sets of resources, such as file systems, networks, processes, and users. Cgroups are a Linux kernel feature that manages and limits the usage of resources, such as CPU, memory, disk, and network, to prevent a single process from consuming too many resources and negatively impacting the overall system performance.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              While namespaces and cgroups isolate resources between containers and nodes in an environment, node resources are not visible to containers. However, this isolation does not provide true security isolation because containers share the kernels of their nodes. If a container exhibits malicious behavior or a kernel vulnerability is exploited by attackers, the container may breach resource isolation. This can result in the container escaping and potentially compromising the node and other containers on the node.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              To enhance runtime security, there are various mechanisms that can be used to detect and prevent malicious activities in containers. These mechanisms, such as capabilities, seccomp, AppArmor, and SELinux, can be integrated into Kubernetes. By using these mechanisms, container security can be improved and potential threats can be minimized.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Capabilities
                                                                                                                                                                                                              Capabilities are a permission mechanism that enables a process to perform certain system operations without requiring full root permissions. This mechanism divides root permissions into smaller, independent permissions known as capabilities. By doing so, the process only obtains the minimum permission set necessary to complete its tasks. This approach enhances system security and helps mitigate potential security risks.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              In a containerized environment, you can manage a container's capabilities by configuring its securityContext. The following is a configuration example:
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              ...
+securityContext:
+  capabilities:
+    add: 
+    - NET_BIND_SERVICE
+    drop: 
+    - all
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              In this way, you can ensure that the container only has the necessary permissions to complete its tasks. This approach eliminates the risk of security breaches caused by excessive permissions. For more information about how to configure capabilities for a container, see Set capabilities for a Container.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Seccomp
                                                                                                                                                                                                              Seccomp is a mechanism that filters system calls, limiting the ones that processes can use to decrease the potential attack surface. Linux has many system calls, but not all are needed for containerized applications. By restricting the system calls that containers can execute, you can greatly reduce the risk of attacks on your applications.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Seccomp's main principle is to intercept all system calls and only allow trusted ones to pass. Container runtimes, such as Docker and containerd, come with default seccomp configurations that work for most common workloads.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              In Kubernetes clusters, you can configure seccomp policies for containers to use the default security configuration. The following shows how to configure seccomp in different versions of Kubernetes clusters:
                                                                                                                                                                                                              • For clusters of versions earlier than Kubernetes 1.19, you can use the following annotations to specify the seccomp configuration:
                                                                                                                                                                                                                annotations:
+  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • For clusters of Kubernetes 1.19 and later versions, you can use securityContext to configure seccomp policies.
                                                                                                                                                                                                                securityContext:
+  seccompProfile:
+    type: RuntimeDefault
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              These configurations use the default seccomp policy, which permits containers to make a limited number of secure system calls. For more configuration options and advanced settings of seccomp, see Restrict a Container's Syscalls with seccomp.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              AppArmor and SELinux
                                                                                                                                                                                                              AppArmor and SELinux are both Mandatory Access Control (MAC) systems that offer a more stringent approach than traditional Discretionary Access Control (DAC) to manage and restrict process permissions. While similar to seccomp in concept, these systems provide more precise access control, including access to file system paths, network ports, and other resources.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              AppArmor and SELinux enable administrators to create policies that precisely manage the resources that applications can access. They can limit read and write permissions on specific files or directories, or regulate access to network ports.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Both systems are integrated into Kubernetes, allowing security policies to be applied at the container level.
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Parent topic: Security
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
diff --git a/docs/cce/umn/cce_bestpractice_10047.html b/docs/cce/umn/cce_bestpractice_10047.html
new file mode 100644
index 000000000..e86902629
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10047.html
@@ -0,0 +1,36 @@
+
+
+
                                                                                                                                                                                                              Configuration Suggestions on CCE Container Image Security
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Container images are the primary defense against external attacks and are crucial for securing applications, systems, and the entire supply chain. If an image is insecure, it can become a vulnerability for attackers to exploit. This can lead to the container escaping to its node, allowing attackers to access sensitive data on the node or use it as a launching pad to gain control over the entire cluster or tenant account. This section describes some recommended configurations to mitigate such risks.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Minimizing a Container Image
                                                                                                                                                                                                              To improve container image security, it is recommended that you remove any unnecessary binary files. When using an unknown image from Docker Hub, you are advised to review the image content with a tool like Dive. Dive provides layer-by-layer details of an image, helping to identify potential security risks. For details, see Dive.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              For improved security, it is recommended that you delete binary files with setuid and setgid permissions, because these can be exploited to elevate permissions. It is also wise to remove shell tools and applications that could be used maliciously, like nc and curl. To locate files with setuid and setgid bits, use the following command:
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              find / -perm /6000 -type f -exec ls -ld {} \;
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              To remove special permissions from the obtained files, add the following command to your container image:
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} \; || true
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Using Multi-Stage Builds
                                                                                                                                                                                                              Multi-stage builds are a great way to create container images efficiently, especially in the CI process. With multi-stage builds, you can perform lint checks on source code or static code analysis during the build process, providing quick feedback to developers. There is no need to wait for the entire build to finish.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Multi-stage builds offer significant security advantages by allowing developers to include only necessary components in container images, excluding build tools and other unnecessary binary files. This approach reduces the attack surface of images and improves overall security.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              For more information about the concepts, best practices, and advantages of multi-stage builds, see the Docker documentation. This will help you create streamlined and secure container images while optimizing development and deployment processes.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Using SWR
                                                                                                                                                                                                              SWR provides easy, secure, reliable management of container images throughout their lifecycles, featuring image push, pull, and deletion.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              SWR stands out for its precise permissions management, allowing administrators to customize access permissions for different users with read, edit, and manage levels. This ensures image security and compliance, meeting the needs of team collaboration.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Additionally, SWR offers automatic deployment capabilities. You can set a trigger to automatically deploy updated image versions. When a new image version is released, SWR automatically triggers the application that uses the image in CCE to update it, streamlining CI/CD.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              To further enhance SWR's security and flexibility, fine-grained permissions control can be added to IAM users. 
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Scanning an Image Using SWR
                                                                                                                                                                                                              With SWR, you can easily scan and secure your images with just a few clicks. Image scanning provides a thorough security check for your private images in repositories. It detects potential vulnerabilities and offers rectification suggestions.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Using an Image Signature and Configuring a Signature Verification Policy
                                                                                                                                                                                                              Image signature verification is a security measure that confirms whether a container image has been tampered with after its creation. The image creator can sign the image content, and a user can verify the image's integrity and source by checking the signature.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              This verification is crucial in maintaining container image security. By using image signature verification, organizations can guarantee the security and reliability of their containerized applications and safeguard them from potential security risks.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Adding the USER Instruction to a Dockerfile to Run Commands as a Non-root User
                                                                                                                                                                                                              Properly configuring user permissions during container build and deployment can greatly enhance container security. This not only helps prevent potential malicious activities, but also aligns with the principle of least privilege (PoLP).
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              By setting the USER instruction in Dockerfiles, subsequent commands are executed as non-root users, which is a standard security practice.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              • Limited permissions: Running a container as a non-root user can also mitigate potential security risks, because attackers cannot gain full control over the node even if the container is attacked.
                                                                                                                                                                                                              • Restricted access: Non-root users typically have limited permissions, which restrict their access to and operation capabilities on node resources.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              In addition to Dockerfiles, the securityContext field in podSpec of Kubernetes can be used to configure user and group IDs and enforce security policies during container deployment.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Parent topic: Security
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
diff --git a/docs/cce/umn/cce_bulletin_0000.html b/docs/cce/umn/cce_bulletin_0000.html
index c4dfea83e..5c3a01a8a 100644
--- a/docs/cce/umn/cce_bulletin_0000.html
+++ b/docs/cce/umn/cce_bulletin_0000.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Kubernetes Version Policy
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • 
-
                                                                                                                                                                                                              • CCE Console Upgrade
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • EOM of CentOS
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • 
 
                                                                                                                                                                                                              • Security Vulnerability Responses
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • 
diff --git a/docs/cce/umn/cce_bulletin_0026.html b/docs/cce/umn/cce_bulletin_0026.html
index f1d7c1f10..61b2bfdce 100644
--- a/docs/cce/umn/cce_bulletin_0026.html
+++ b/docs/cce/umn/cce_bulletin_0026.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                                Resource Changes and Deprecations
                                                                                                                                                                                                                Kubernetes 1.21 Release Notes
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                                                                • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                                                                • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                                                                • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                                                                • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                                                                • The BoundServiceAccountTokenVolume feature is in beta testing, which has changed the method of mounting tokens into pods for enhanced token security of the service account. This feature is enabled by default in Kubernetes clusters of v1.21 and later versions.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Kubernetes 1.20 Release Notes
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                                                                • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. Update the timeoutSeconds field for the applications that use this feature during the upgrade. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                                                                • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                                                                • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                                                                • dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                                                                • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. During the upgrade, update the timeoutSeconds field for the applications that use this feature. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                                                                • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                                                                • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                                                                • dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                References
                                                                                                                                                                                                                For more details about the performance comparison and function evolution between Kubernetes 1.21 and other versions, see the following documents:
                                                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bulletin_0033.html b/docs/cce/umn/cce_bulletin_0033.html
index 4f9971e02..1e403bd37 100644
--- a/docs/cce/umn/cce_bulletin_0033.html
+++ b/docs/cce/umn/cce_bulletin_0033.html
@@ -15,7 +15,18 @@
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      v1.29
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      v1.30
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In commercial usea
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      April 2024
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      October 2024
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      October 2026
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      v1.29
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      In commercial usea
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      v1.28
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      In commercial usea
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In commercial useb
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      August 2023
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      v1.23
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      In commercial useb
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In commercial useb
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      December 2021
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
 
 
                                                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                      Table 1 Add-on classification and names
                                                                                                                                                                                                      Category
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      New Name
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Original Name
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Remarks
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Scheduling and elasticity
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Cluster Autoscaler
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      autoscaler
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Advanced HPA
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      cce-hpa-controller
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Volcano Scheduler
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      volcano
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Cloud native observability
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Node Problem Detector
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      npd
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Cloud Native Cluster Monitoring
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      kube-prometheus-stack
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Kubernetes Metrics Server
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      metrics-server
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Featured open source
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Cloud native heterogeneous computing
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE AI Suite (NVIDIA GPU)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      gpu-device-plugin (gpu-beta)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Network
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CoreDNS
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      coredns
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      NGINX Ingress Controller
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      nginx-ingress
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Featured open source
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Storage
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Container Storage (Everest)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      everest
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE Container Storage (FlexVolume)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      storage-driver
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CCE proprietary
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
-
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Product Bulletin
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
diff --git a/docs/cce/umn/cce_bulletin_0068.html b/docs/cce/umn/cce_bulletin_0068.html
index bae547eb9..b26d321c1 100644
--- a/docs/cce/umn/cce_bulletin_0068.html
+++ b/docs/cce/umn/cce_bulletin_0068.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                                      The PV controller has been modified to automatically assign a default StorageClass to any unbound PVC with storageClassName not configured. Additionally, the PVC admission validation mechanism within the API server has been adjusted to allow changing values from an unset state to an actual StorageClass name. For details, see Retroactive default StorageClass assignment.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    42. Native sidecar containers are introduced.
                                                                                                                                                                                                      The native sidecar containers are available in alpha. Kubernetes 1.28 adds restartPolicy to Init containers. This field is available when the SidecarContainers feature gate is enabled. However, there are still some problems to be solved in the native sidecar containers. Therefore, the Kubernetes community recommends only using this feature gate in short lived testing clusters at the alpha phase. For details, see Introducing native sidecar containers.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    43. Mixed version proxy is introduced.
                                                                                                                                                                                                      A new mechanism (mixed version proxy) is released to improve cluster upgrade. It is an alpha feature in Kubernetes 1.28. When a cluster undergoes an upgrade, API servers of different versions in the cluster can serve different sets (groups, versions, or resources) of built-in resources. A resource request made in this scenario may be served by any of the available API servers, potentially resulting in the request ending up at an API server that may not be aware of the requested resource. As a result, the request fails. This feature can solve this problem. (Note that CCE provides hitless upgrade. Therefore, this feature is not used in CCE clusters.) For details, see A New (alpha) Mechanism For Safer Cluster Upgrades.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    44. Non-graceful node shutdown moves to GA.
                                                                                                                                                                                                      The non-graceful node shutdown is now GA in Kubernetes 1.28. When a node was shut down and that shutdown was not detected by the Kubelet's Node Shutdown Manager, the StatefulSet pods that run on this node will stay in the terminated state and cannot be moved to a running node. If you have confirmed that the shutdown node is unrecoverable, you can add an out-of-service taint to the node. This ensures that the StatefulSet pods and VolumeAttachments on this node can be forcibly deleted and the corresponding pods will be created on a healthy node. For details, see Non-Graceful Node Shutdown Moves to GA.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    45. Non-graceful node shutdown moves to GA.
                                                                                                                                                                                                      The non-graceful node shutdown is now GA in Kubernetes 1.28. When a node was shut down and that shutdown was not detected by the kubelet's Node Shutdown Manager, the StatefulSet pods that run on this node will stay in the terminated state and cannot be moved to a running node. If you have confirmed that the shutdown node is unrecoverable, you can add an out-of-service taint to the node. This ensures that the StatefulSet pods and VolumeAttachments on this node can be forcibly deleted and the corresponding pods will be created on a healthy node. For details, see Non-Graceful Node Shutdown Moves to GA.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    46. NodeSwap moves to beta.
                                                                                                                                                                                                      Support for NodeSwap goes to beta in Kubernetes 1.28. NodeSwap is disabled by default and can be enabled using the NodeSwap feature gate. NodeSwap allows you to configure swap memory usage for Kubernetes workloads running on Linux on a per-node basis. Note that although NodeSwap has reached beta, there are still some problems to be solved and security risks to be enhanced. For details, see Beta Support for Using Swap on Linux.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    47. Two job-related features are added.
                                                                                                                                                                                                      Two alpha features are introduced: delayed creation of replacement pods and backoff limit per index.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Delayed creation of replacement pods
                                                                                                                                                                                                        By default, when a pod enters the terminating state (for example, due to the preemption or eviction), Kubernetes immediately creates a replacement pod. Therefore, both pods are running concurrently.
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bulletin_0089.html b/docs/cce/umn/cce_bulletin_0089.html
index 89325a157..6879a7887 100644
--- a/docs/cce/umn/cce_bulletin_0089.html
+++ b/docs/cce/umn/cce_bulletin_0089.html
@@ -17,7 +17,7 @@
 
                                                                                                                                                                                                      • Backoff limit per index (beta)
                                                                                                                                                                                                        The backoff limit per index moves to beta. By default, pod failures for indexed jobs are counted and restricted by the global limit of retries, specified by .spec.backoffLimit. This means that if there is a consistently failing index in a job, pods specified by the job will be restarted repeatedly until pod failures exhaust the limit. Once the limit is reached, the job is marked failed and pods for other indexes in the job may never be even started. The feature allows you to complete execution of all indexes, despite some indexes failing, and to better use the compute resources by avoiding unnecessary retries of consistently failing indexes.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    48. Native sidecar containers are in the beta state.
                                                                                                                                                                                                      Native sidecar containers are promoted to beta. The restartPolicy field is added to initContainers. When this field is set to Always, the sidecar container is enabled. The sidecar container and service container are deployed in the same pod. This cannot prolong the pod lifecycle. Sidecar containers are commonly used in scenarios such as network proxy and log collection. For details, see Sidecar Containers.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    49. The legacy ServiceAccount token cleaner is in the beta state.
                                                                                                                                                                                                      Legacy ServiceAccount token cleaner is promoted to beta. It runs as part of kube-controller-manager and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by --legacy-service-account-token-clean-up-period). If so, the cleaner marks those tokens as invalid and adds the kubernetes.io/legacy-token-invalid-since label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by --legacy-service-account-token-clean-up-period), the cleaner deletes it. For details, see Legacy ServiceAccount Token Cleaner.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    50. The legacy ServiceAccount token cleaner is in the beta state.
                                                                                                                                                                                                      Legacy ServiceAccount token cleaner is promoted to beta. It runs as part of kube-controller-manager and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by --legacy-service-account-token-clean-up-period). If so, the cleaner marks those tokens as invalid and adds the kubernetes.io/legacy-token-invalid-since label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by --legacy-service-account-token-clean-up-period), the cleaner deletes it. For details, see Legacy ServiceAccount token cleaner.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    51. DevicePluginCDIDevices is in the beta state.
                                                                                                                                                                                                      DevicePluginCDIDevices moves to beta. With this feature enabled, plugin developers can use the CDIDevices field added to DeviceRunContainerOptions to pass CDI device names directly to CDI enabled runtimes.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    52. PodHostIPs is in the beta state.
                                                                                                                                                                                                      The PodHostIPs feature moves to beta. With this feature enabled, Kubernetes adds the hostIPs field to Status of pods and downward API to expose node IP addresses to workloads. This field specifies the dual-stack protocol version of the host IP address. The first IP address is always the same as the host IP address.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    53. The API Priority and Fairness feature (APF) is in the GA state.
                                                                                                                                                                                                      APF moves to GA. APF classifies and isolates requests in a more fine-grained way. It improves max-inflight limitations. It also introduces a limited amount of queuing, so that the API server does not reject any request in cases of very brief bursts. Requests are dispatched from queues using a fair queuing technique so that, for example, a poorly-behaved controller does not cause others (even at the same priority level) to become abnormal. For details, see API Priority and Fairness.
                                                                                                                                                                                                      
@@ -26,7 +26,7 @@
 
                                                                                                                                                                                                    54. The phase transition timestamp of PersistentVolume (PV) is in the beta state.
                                                                                                                                                                                                      The PV phase transition timestamp moves to beta. With this feature enabled, Kubernetes adds the lastPhaseTransitionTime field to the status field of a PV to indicate the time when the PV phase changes last time. Cluster administrators are now able to track the last time a PV transitioned to a different phase, allowing for more efficient and informed resource management. For details, see PersistentVolume Last Phase Transition Time in Kubernetes.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    55. ReadWriteOncePod is in the GA state.
                                                                                                                                                                                                      The ReadWriteOncePod feature moves to GA. With this feature enabled, you can set the access mode to ReadWriteOncePod in a PersistentVolumeClaim (PVC) to ensure that only one pod can modify data in the volume at a time. This can prevent data conflicts or damage. For details, see ReadWriteOncePod.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    56. CSINodeExpandSecret is in the GA state.
                                                                                                                                                                                                      The CSINodeExpandSecret feature moves to GA. This feature allows secret authentication data to be passed to a CSI driver for use when a node is added.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    57. The CEL-based CustomResourceDefinition (CRD) verification capability is in the GA state.
                                                                                                                                                                                                      The CEL-based CRD verification capability moves to GA. With this feature enabled, you are allowed to use the CEL to define validation rules in CRDs, which are more efficient than webhook. For details, see CRD verification rules.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    58. The CEL-based CRD verification capability is in the GA state.
                                                                                                                                                                                                      The CEL-based CRD verification capability moves to GA. With this feature enabled, you are allowed to use the CEL to define validation rules in CRDs, which are more efficient than webhook. For details, see CRD verification rules.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      59. 
 
 
                                                                                                                                                                                                      API Changes and Removals
                                                                                                                                                                                                      • The time zone of a newly created cron job cannot be configured using TZ or CRON_TZ in .spec.schedule. Use .spec.timeZone instead. Cron jobs that have been created are not affected by this change.
                                                                                                                                                                                                      • The alpha API ClusterCIDR is removed.
                                                                                                                                                                                                      • The startup parameter --authentication-config is added to kube-apiserver to specify the address of the AuthenticationConfiguration file. This startup parameter is mutually exclusive with the --oidc-* startup parameter.
                                                                                                                                                                                                      • The API version kubescheduler.config.k8s.io/v1beta3 of KubeSchedulerConfiguration is removed. Migrate kube-scheduler configuration files to kubescheduler.config.k8s.io/v1.
                                                                                                                                                                                                      • The CEL expressions are added to v1alpha1 AuthenticationConfiguration.
                                                                                                                                                                                                      • The ServiceCIDR type is added. It allows you to dynamically configure the IP address range used by a cluster to allocate the Service ClusterIPs.
                                                                                                                                                                                                      • The startup parameters --conntrack-udp-timeout and --conntrack-udp-timeout-stream are added to kube-proxy. They are options for configuring the kernel parameters nf_conntrack_udp_timeout and nf_conntrack_udp_timeout_stream.
                                                                                                                                                                                                      • Support for CEL expressions is added to WebhookMatchCondition of v1alpha1 AuthenticationConfiguration.
                                                                                                                                                                                                      • The type of PVC.spec.Resource is changed from ResourceRequirements to VolumeResourceRequirements.
                                                                                                                                                                                                      • onPodConditions in PodFailurePolicyRule is marked as optional.
                                                                                                                                                                                                      • The API version flowcontrol.apiserver.k8s.io/v1beta3 of FlowSchema and PriorityLevelConfiguration has been promoted to flowcontrol.apiserver.k8s.io/v1, and the following changes have been made:
                                                                                                                                                                                                        • PriorityLevelConfiguration: The .spec.limited.nominalConcurrencyShares field defaults to 30 if the field is omitted. To ensure compatibility with 1.28 API servers, specifying an explicit 0 value is not allowed in the v1 version in 1.29. In 1.30, explicit 0 values will be allowed in this field in the v1 API. The flowcontrol.apiserver.k8s.io/v1beta3 APIs are deprecated and will no longer be served in 1.32.
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_bulletin_0095.html b/docs/cce/umn/cce_bulletin_0095.html
new file mode 100644
index 000000000..c9ed28e05
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0095.html
@@ -0,0 +1,28 @@
+
+
+
                                                                                                                                                                                                        Kubernetes 1.30 Release Notes
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE allows you to create Kubernetes clusters 1.30. This section describes the changes made in Kubernetes 1.30.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Indexes
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        New and Enhanced Features
                                                                                                                                                                                                        • Webhook matching expression is in the GA state.
                                                                                                                                                                                                          The Webhook matching expression feature is advanced to GA. This feature enables admission webhooks to be matched based on specific conditions, providing control over the triggering conditions of the webhooks in a more precise granularity. For details, see Dynamic Admission Control.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Pod scheduling readiness is in the GA state.
                                                                                                                                                                                                          The pod scheduling readiness feature is advanced to GA. With this feature, you can add custom scheduling gates to a pod and manage when to eliminate them. The pod will only be deemed ready for scheduling once all scheduling gates have been removed. For details, see Pod Scheduling Readiness.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Validating admission policies are in the GA state.
                                                                                                                                                                                                          Validating admission policies are advanced to GA. This feature allows you to declare the validating admission policies of resources using Common Expression Language (CEL). For details, see Validating Admission Policy.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Horizontal pod auto scaling based on container resource metrics is in the GA state.
                                                                                                                                                                                                          The horizontal pod auto scaling feature based on container resource metrics is advanced to GA. This feature allows HPA to configure auto scaling based on the resource usage of each container within a pod, rather than just the overall resource usage of the pod. This makes it easier to set scaling thresholds for the most critical containers in a pod. For details, see Container resource metrics.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The legacy ServiceAccount token cleaner is in the GA state.
                                                                                                                                                                                                          The legacy ServiceAccount token cleaner feature is advanced to GA. It runs as part of kube-controller-manager and checks every 24 hours to see if any auto-generated legacy ServiceAccount token has not been used in a specific amount of time (one year by default, specified by --legacy-service-account-token-clean-up-period). If so, the cleaner marks those tokens as invalid and adds the kubernetes.io/legacy-token-invalid-since label whose value is the current date. If an invalid token is not used for a specific period of time (one year by default, specified by --legacy-service-account-token-clean-up-period), the cleaner deletes it. For details, see Legacy ServiceAccount token cleaner.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • The minimum domain in the pod topology spread is in the GA state.
                                                                                                                                                                                                          The minimum domain feature in pod topology spread is advanced to GA. This feature allows you to configure a minimum number of domains that meet specific conditions by using the minDomains field in the pod configuration. If the number of domains that match the load topology constraints exceeds the minDomains value, this field will not affect the settings. However, if the number of domains that match the load topology constraints is less than the minDomains value, the global minimum value is set to 0, which represents the minimum number of matched pods in domains that meet the conditions. To prevent pods from being scheduled when topology constraints are not met, this field must be used together with whenUnsatisfiable: DoNotSchedule. For details, see Spread constraint definition.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        API Changes and Removals
                                                                                                                                                                                                        • kubectl removes the prune-whitelist parameter of the apply command and replaces it with prune-allowlist.
                                                                                                                                                                                                        • SecurityContextDeny, which has been deprecated in Kubernetes 1.27, is replaced by Pod Security admission.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Enhanced Kubernetes 1.30 on CCE
                                                                                                                                                                                                        During a version maintenance period, CCE periodically updates Kubernetes 1.30 and provides enhanced functions.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        For details about cluster version updates, see Patch Versions.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        References
                                                                                                                                                                                                        For more details about the performance comparison and function evolution between Kubernetes 1.30 and other versions, see Kubernetes v1.30 Release Notes.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Kubernetes Version Release Notes
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_bulletin_0098.html b/docs/cce/umn/cce_bulletin_0098.html
new file mode 100644
index 000000000..85d72dda0
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0098.html
@@ -0,0 +1,52 @@
+
+
+
                                                                                                                                                                                                        EOM of CentOS
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Released: Oct 23, 2024
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CentOS has reached its end of maintenance (EOM) date, which means it will no longer receive updates or support. The CentOS public images on CCE are sourced from the official CentOS. As a result, CCE will no longer provide support for CentOS once it is no longer maintained. This section describes the effects of the CentOS EOM and offers solutions to mitigate them.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Background
                                                                                                                                                                                                        On December 8, 2020, CentOS officially announced the plan to stop maintaining CentOS Linux and launched CentOS Stream. For more information, see the CentOS official documentation.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CentOS 8 ended on December 31, 2021, and CentOS 7 ended on June 30, 2024. CentOS 9 and any future versions are no longer available, and there will be no further software patches or updates provided by the CentOS official. CentOS services may be exposed to risks or even become unavailable, and it will not be possible to restore them in a timely manner.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Impact
                                                                                                                                                                                                        According to the official CentOS change plan, there will be the following impacts on users:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • CentOS 7 users cannot receive any software maintenance or support, including bug fixes and feature updates, after June 30, 2024.
                                                                                                                                                                                                        • CCE will not remove CentOS 7 public images, and nodes created with CentOS 7 will not be affected, but images will no longer get updated.
                                                                                                                                                                                                        • CCE will provide support for CentOS in line with the official CentOS release date.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        • For a newly created node pool or node
                                                                                                                                                                                                          When creating a node pool or node, change CentOS to a supported OS. HCE is recommended.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • For an existing node pool
                                                                                                                                                                                                          Change CentOS to a supported OS. If you do not need to modify the node configurations, such as the number and type of VPCs and disks, but you want to modify the node OS image and your software is not tightly linked to the original OS, it is recommended that you reset the node to change the OS.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. In the navigation pane, choose Nodes. On the displayed page, click the Node Pools tab.
                                                                                                                                                                                                          2. Select the node pool to be updated, click Update, and change CentOS to a supported OS. HCE is recommended.
                                                                                                                                                                                                          3. In the node list of the target node pool, select a node and choose More > Reset Node in the Operation column. (After a node is reset, the node OS will be reinstalled. Before resetting a node, drain the node to gracefully evict the pods running on the node to other available nodes. Perform this operation during off-peak hours.)
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Supported OS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Intended Audience
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          HCE
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          HCE is a cloud OS built on openEuler.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          It offers cloud native, high-performing, secure, and easy-to-migrate capabilities. This accelerates service migration to the cloud and promotes application innovation. You can use it to replace OSs such as CentOS and EulerOS.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Individuals or enterprises who prefer free images and want to keep using images from the open-source communities
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Ubuntu
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Ubuntu is a Linux distribution. Different OSs reflect different usage habits and application compatibilities.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Individuals or enterprises who can handle the cost of switching OSs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          To upgrade a node's OS, replace the system disks in batches. It is important to avoid storing any important data in the system disks or back up the data beforehand. The upgrade process will not affect the data disks.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Product Bulletin
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_0000.html b/docs/cce/umn/cce_faq_0000.html
index 2c67746a3..b9d046bc3 100644
--- a/docs/cce/umn/cce_faq_0000.html
+++ b/docs/cce/umn/cce_faq_0000.html
@@ -8,7 +8,7 @@
 
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Failed to pull image "xxx": rpc error: code = Unknown desc = Error response from daemon: Get xxx: denied: You may not login yet
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Failed to pull image "xxx": rpc error: code = Unknown desc = Error response from daemon: Get xxx: denied: You may not login yet
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      You have not logged in to the image repository.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 1: Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                                                      
@@ -102,7 +102,7 @@ spec:
 
                                                                                                                                                                                                      Failed create pod sandbox: rpc error: code = Unknown desc = failed to create a sandbox for pod "nginx-6dc48bf8b6-l8xrw": Error response from daemon: mkdir xxxxx: no space left on device
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Run the following command to obtain the disk space for storing images on a node:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      lvs
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution 1: Clearing images
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Perform the following operations to clear unused images:
                                                                                                                                                                                                      • Nodes that use containerd
                                                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                                                          crictl images -v
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        2. Delete the images that are not required by image ID.
                                                                                                                                                                                                          crictl rmi Image ID
                                                                                                                                                                                                          
@@ -121,26 +121,33 @@ spec:
 
                                                                                                                                                                                                          Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                            # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                            
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                          2. Expand the disk capacity.
                                                                                                                                                                                                            Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                              pvresize /dev/vdb
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                                pvresize /dev/sdb
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                                Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                                lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                                Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                                resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                                
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Check whether the capacity is expanded.
                                                                                                                                                                                                              # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                              # lsblk
@@ -165,7 +172,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                          4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                            # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                            
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
@@ -173,25 +193,38 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                        
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                                      When a pod pulls an image from a third-party image repository that uses an unknown or insecure certificate, the image fails to be pulled from the node. The pod event list contains the event "Failed to pull the image" with the cause "x509: certificate signed by unknown authority".
                                                                                                                                                                                                      
-
                                                                                                                                                                                                       
                                                                                                                                                                                                      The security of EulerOS 2.9 images is enhanced. Some insecure or expired certificates are removed from the system. It is normal that this error is reported in EulerOS 2.9 but not or some third-party images on other types of nodes. You can also perform the following operations to rectify the fault.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      The security of EulerOS 2.9 images has been improved by removing insecure or expired certificates from the system. While some third-party images on certain nodes may not report any errors, it is common for this type of error to occur in EulerOS 2.9. To fix the issue, you can carry out the following operations.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Check the IP address and port number of the third-party image server for which the error message "unknown authority" is displayed.
                                                                                                                                                                                                        You can see the IP address and port number of the third-party image server for which the error is reported in the event information "Failed to pull image".
                                                                                                                                                                                                        Failed to pull image "bitnami/redis-cluster:latest": rpc error: code = Unknown desc = error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e8/e83853f03a2e792614e7c1e6de75d63e2d6d633b4e7c39b9d700792ee50f7b56/data?verify=1636972064-AQbl5RActnudDZV%2F3EShZwnqOe8%3D: x509: certificate signed by unknown authority
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The IP address of the third-party image server is production.cloudflare.docker.com, and the default HTTPS port number is 443.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. Load the root certificate of the third-party image server to the node where the third-party image is to be downloaded.
                                                                                                                                                                                                        Run the following commands on the EulerOS and CentOS nodes with {server_url}:{server_port} replaced with the IP address and port number obtained in Step 1, for example, production.cloudflare.docker.com:443:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Load the root certificate of the third-party image server to the node where the third-party image is to be downloaded.
                                                                                                                                                                                                        Run the following command on the EulerOS and CentOS nodes with {server_url}:{server_port} replaced with the IP address and port number obtained in Step 1, for example, production.cloudflare.docker.com:443.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        If the container engine of the node is containerd, replace systemctl restart docker with systemctl restart containerd.
                                                                                                                                                                                                        openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/tmp_ca.crt
 update-ca-trust
 systemctl restart docker
                                                                                                                                                                                                        
@@ -229,14 +262,14 @@ systemctl restart docker
 
                                                                                                                                                                                                        Or
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        you have reached your pull rate limit, you may increase the limit by authenticating an upgrading: https://www.docker.com/increase-rate-limits.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Possible Causes
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Docker Hub sets the maximum number of container image pull requests. For details, see Understanding Your Docker Hub Rate Limit.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Docker Hub sets the maximum number of container image pull requests. For details, see Docker Hub pull usage and limits.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Push the frequently used image to SWR and then pull the image from SWR.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_faq_00018.html b/docs/cce/umn/cce_faq_00018.html
index 41d8b394e..8a6313aae 100644
--- a/docs/cce/umn/cce_faq_00018.html
+++ b/docs/cce/umn/cce_faq_00018.html
@@ -62,11 +62,11 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      In addition to the preceding possible causes, there are some other possible causes:
                                                                                                                                                                                                      
 
-
                                                                                                                                                                                                      Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                                      1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                      2. View the container status.
                                                                                                                                                                                                        docker ps -a | grep $podName
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        If no running process exists in the container, the status code Exited (0) is displayed.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -77,7 +77,7 @@
 
 
                                                                                                                                                                                                      Check Item 3: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                                      The following message refers to the thin pool disk that is allocated from the Docker disk selected during node creation. You can run the lvs command as user root to view the current disk usage.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution 1: Clearing images
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Perform the following operations to clear unused images:
                                                                                                                                                                                                      • Nodes that use containerd
                                                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                                                          crictl images -v
                                                                                                                                                                                                          
@@ -97,26 +97,33 @@
 
                                                                                                                                                                                                          Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                            # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                            
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                          2. Expand the disk capacity.
                                                                                                                                                                                                            Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                              pvresize /dev/vdb
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                                pvresize /dev/sdb
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                                Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                                lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                                Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                                resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Information similar to the following is displayed:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                                
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Check whether the capacity is expanded.
                                                                                                                                                                                                              # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                              # lsblk
@@ -141,7 +148,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                              Information similar to the following is displayed:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                          4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                            # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                            
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
@@ -149,20 +169,33 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                        
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      Check Item 4: Whether the Upper Limit of Container Resources Has Been Reached
                                                                                                                                                                                                      If the upper limit of container resources has been reached, OOM will be displayed in the event details as well as in the log:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      cat /var/log/messages | grep 96feb0a425d6 | grep oom
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When a workload is created, if the requested resources exceed the configured upper limit, the system OOM is triggered and the container exits unexpectedly.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 5: Whether the Resource Limits Are Improperly Configured for the Container
                                                                                                                                                                                                      If the resource limits set for the container during workload creation are less than required, the container fails to be restarted.
                                                                                                                                                                                                      
@@ -170,7 +203,7 @@ The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
 
                                                                                                                                                                                                      Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                      1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                      2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                        docker ps -a | grep $podName
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. View the logs of the corresponding container.
                                                                                                                                                                                                        docker logs $containerID
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Rectify the fault of the workload based on logs. As shown in the following figure, container ports in the same pod conflict. As a result, the container fails to be started.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Re-create the workload and set a port number that is not used by any other pod.
                                                                                                                                                                                                      
@@ -184,7 +217,7 @@ The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
 
                                                                                                                                                                                                      # echo -n "Content to be encoded" | base64
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 8: Whether the Container Startup Command Is Correctly Configured
                                                                                                                                                                                                      The error messages are as follows:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Click the workload name to go to the workload details page, click the Containers tab. Choose Lifecycle, click Startup Command, and ensure that the command is correct.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -192,7 +225,7 @@ The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
 
                                                                                                                                                                                                      1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                      2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                        docker ps -a | grep $podName
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. View the logs of the corresponding container.
                                                                                                                                                                                                        docker logs $containerID
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Note: In the preceding command, containerID indicates the ID of the container that has exited.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 3 Incorrect startup command of the container
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 3 Incorrect startup command of the container
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        As shown in the figure above, the container fails to be started due to an incorrect startup command. For other errors, rectify the bugs based on the logs.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
@@ -201,7 +234,7 @@ The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_faq_00020.html b/docs/cce/umn/cce_faq_00020.html
index 98d5d7cc8..ad3c0c9ec 100644
--- a/docs/cce/umn/cce_faq_00020.html
+++ b/docs/cce/umn/cce_faq_00020.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                      A node is running properly and has GPU resources. However, the following error information is displayed:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      0/9 nodes are available: 9 insufficient nvidia.com/gpu
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Analysis
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        2. Check whether the NVIDIA driver is running properly.
                                                                                                                                                                                                          Log in to the node where the add-on is running and view the driver installation log in the following path:
                                                                                                                                                                                                          /opt/cloud/cce/nvidia/nvidia_installer.log
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -20,7 +20,7 @@
 
                                                                                                                                                                                                          cat /usr/local/cuda/version.txt
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Check whether the CUDA version supported by the NVIDIA driver version of the node where the container is located contains the CUDA version of the container.
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                          Helpful Links
                                                                                                                                                                                                          What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Helpful Links
                                                                                                                                                                                                          What Should I Do If an Error Occurs When I Deploy a Service on the GPU Node?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00022.html b/docs/cce/umn/cce_faq_00022.html
index c779829b1..958985cdd 100644
--- a/docs/cce/umn/cce_faq_00022.html
+++ b/docs/cce/umn/cce_faq_00022.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Parent topic: Network Fault
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Network Exception Troubleshooting
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_faq_00027.html b/docs/cce/umn/cce_faq_00027.html
index 9e8093111..132629f9d 100644
--- a/docs/cce/umn/cce_faq_00027.html
+++ b/docs/cce/umn/cce_faq_00027.html
@@ -1,30 +1,36 @@
 
 
 
                                                                                                                                                                                                          How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Note
                                                                                                                                                                                                          • The node images in the same cluster must be the same. Pay attention to this when creating, adding, or accepting nodes in a cluster.
                                                                                                                                                                                                          • If you need to allocate user space from the data disk when creating a node, do not set the data storage path to any key directory. For example, to store data in the /home directory, set the directory to /home/test instead of /home.
                                                                                                                                                                                                             
                                                                                                                                                                                                            Do not set Path inside a node to the root directory /. Otherwise, the mounting fails. Set Path inside a node to any of the following:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Notes
                                                                                                                                                                                                            • The node images in the same cluster must be the same. Pay attention to this when creating, adding, or accepting nodes in a cluster.
                                                                                                                                                                                                            • If you need to allocate user space from the data disk when creating a node, do not set the data storage path to any key directory. For example, to store data in the /home directory, set the directory to /home/test instead of /home.
                                                                                                                                                                                                               
                                                                                                                                                                                                              Do not set Path inside a node to the root directory /. Otherwise, the mounting fails. Set Path inside a node to any of the following:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • /opt/xxxx (excluding /opt/cloud)
                                                                                                                                                                                                              • /mnt/xxxx (excluding /mnt/paas)
                                                                                                                                                                                                              • /tmp/xxx
                                                                                                                                                                                                              • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
                                                                                                                                                                                                              • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Do not set it to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Check Item 1: Subnet Quota
                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            New nodes cannot be added to a CCE cluster, and a message is displayed indicating that the subnet quota is insufficient.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Check Item 1: Available IP Addresses in the Subnet
                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            New nodes cannot be added to a CCE cluster, and a message is displayed, indicating that the available IP addresses in the subnet are insufficient.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Cause Analysis
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            VPC CIDR block: 192.168.66.0/24
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Subnet CIDR block: 192.168.66.0/24
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In 192.168.66.0/24, all 251 private IP addresses have been used.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            The default node subnet CIDR block of the cluster is too small, causing all the available private IP addresses in the subnet to be exhausted. Consequently, it is not possible to allocate any private IP addresses to the nodes.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Solution
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Expand the VPC.
                                                                                                                                                                                                              Log in to the console and choose Virtual Private Cloud from the service list. On the page displayed, locate the row containing the target VPC and click Edit CIDR Block in the Operation column.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. Change the subnet mask to 16 and click OK.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            3. Click the VPC name. On the Summary tab page, click the number next to Subnets on the right and click Create Subnet to create a subnet.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            4. Return to the page for adding a node on the CCE console, and select the newly created subnet.
                                                                                                                                                                                                               
                                                                                                                                                                                                              1. Adding subnets to the VPC does not affect the use of the existing 192.168.66.0/24 CIDR block.
                                                                                                                                                                                                                You can select a new subnet when creating a CCE node. The new subnet has a maximum of 251 private IP addresses. If the number of private IP addresses cannot meet service requirements, you can add more subnets.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              2. Subnets in the same VPC can communicate with each other.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              • Scenario 1: IP addresses in the VPC CIDR block are not used up.
                                                                                                                                                                                                                When creating a node, you can select a new node subnet in the network configuration. If no node subnet is available, you can go to the VPC console and create a node subnet. 
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • Scenario 2: All IP addresses in the VPC CIDR block have been used up.
                                                                                                                                                                                                                If all IP addresses in the VPC CIDR block have been used up, you need to expand the VPC CIDR block and create a node subnet.
                                                                                                                                                                                                                1. Log in to the management console. In the service list, choose Virtual Private Cloud. In the VPC list, locate the row containing the target VPC and click Edit CIDR block in the Operation column.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. After adding a secondary CIDR block, click OK.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                3. In the navigation pane, choose Subnets and click Create Subnet to create a subnet for the VPC where the cluster resides.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                4. Go back to the page for adding a node on the CCE console, and select the newly created subnet.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  1. Adding subnets to the VPC does not affect the use of the existing CIDR blocks. If the service requirements still cannot be met, you can add more subnets.
                                                                                                                                                                                                                  2. Subnets in the same VPC can communicate with each other through the private network.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Check Item 2: EIP Quota
                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 2: EIP Quota
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          When a node is added, EIP is set to Auto create. The node cannot be created, and a message indicating that EIPs are insufficient is displayed.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -34,10 +40,17 @@
 
                                                                                                                                                                                                          Check Item 3: Security Group
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          A node cannot be added to a CCE cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          You can click the cluster name to view the cluster details. In the Networking Configuration area, click the icon next to Default security group of the node to check whether the default security group is deleted and whether the security group rules comply with How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You can click the cluster name to view the cluster details. In the Networking Configuration area, click the icon next to the value of Default Node Security Group to check whether the default security group is deleted and whether the security group rules comply with How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If your account has multiple clusters and you need to manage network security policies of nodes in a unified manner, you can specify custom security groups.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 4: Resource Quota
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When a node is added to a CCE cluster, a message is displayed, indicating that the resource quota is insufficient.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          You can click Increase Quota to go to the corresponding page and increase the quota.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00028.html b/docs/cce/umn/cce_faq_00028.html
index 5be272c0a..cb4881678 100644
--- a/docs/cce/umn/cce_faq_00028.html
+++ b/docs/cce/umn/cce_faq_00028.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                      Automatic Migration with Containers
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Multi-node Mounting
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Multi-Node Mounting
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
 
 
                                                                                                                                                                                                      
-
@@ -59,7 +59,7 @@
 
-
-
@@ -166,9 +166,9 @@
 
-
-
                                                                                                                                                                                                      Table 1 Pod scheduling failure
                                                                                                                                                                                                      Event
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
@@ -80,8 +80,8 @@ NAME           STATUS   ROLES    AGE   VERSION
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                                      0/2 nodes are available: 2 Insufficient cpu. This means insufficient CPUs.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      0/2 nodes are available: 2 Insufficient memory. This means insufficient memory.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                                      0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      0/2 nodes are available: 2 Insufficient memory.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If the resources requested by the pod exceed the allocatable resources of the node where the pod runs, the node cannot provide the resources required to run new pods and pod scheduling onto the node will definitely fail.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If the number of resources that can be allocated to a node is less than the number of resources that a pod requests, the node does not meet the resource requirements of the pod. As a result, the scheduling fails.
                                                                                                                                                                                                      
@@ -95,7 +95,7 @@ NAME           STATUS   ROLES    AGE   VERSION
 
                                                                                                                                                                                                      0/2 nodes are available: 1 node(s) didn't match node selector, 1 node(s) didn't match pod affinity rules, 1 node(s) didn't match pod affinity/anti-affinity.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • node selector indicates that the node affinity is not met.
                                                                                                                                                                                                      • pod affinity rules indicate that the pod affinity is not met.
                                                                                                                                                                                                      • pod affinity/anti-affinity indicates that the pod affinity/anti-affinity is not met.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • When adding workload-workload affinity and workload-node affinity policies, ensure that the two types of policies do not conflict each other. Otherwise, workload deployment will fail.
                                                                                                                                                                                                      • If the workload has a node affinity policy, make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the affinity node and the following event is generated:
                                                                                                                                                                                                        No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • When adding workload-workload affinity and workload-node affinity policies, ensure that the two types of policies do not with conflict each other. Otherwise, workload deployment will fail.
                                                                                                                                                                                                        • If the workload has a node affinity policy, make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the affinity node and the following event is generated:
                                                                                                                                                                                                          No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If the value is false, the scheduling fails.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
@@ -223,26 +223,33 @@ Events:              <none>
 
                                                                                                                                                                                                      Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                        
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                      2. Expand the disk capacity.
                                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                            pvresize /dev/sdb
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                            Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                            
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Check whether the capacity is expanded.
                                                                                                                                                                                                          # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                          # lsblk
@@ -267,7 +274,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
@@ -275,13 +295,26 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                        
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
@@ -295,7 +328,7 @@ The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
 
diff --git a/docs/cce/umn/cce_faq_00107.html b/docs/cce/umn/cce_faq_00107.html
index a332120ca..f1cdaa164 100644
--- a/docs/cce/umn/cce_faq_00107.html
+++ b/docs/cce/umn/cce_faq_00107.html
@@ -8,9 +8,9 @@
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      According to the resolution rules of private domain names, the subnet DNS in the VPC must be set to the cloud DNS. You can find the details of the private network DNS service on its console.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The customer can perform domain name resolution on the ECSs in the VPC subnet, which indicates that the preceding configuration has been completed in the subnet.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      However, when the domain name resolution is performed in a container, the message "bad address" is displayed, indicating that the domain name cannot be resolved.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Log in to the CCE console and check the add-ons installed in the cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If you find that the coredns add-on does not exist in Add-ons Installed, the coredns add-on may have been incorrectly uninstalled.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Install it and add the corresponding domain name and DNS service address to resolve the domain name.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00109.html b/docs/cce/umn/cce_faq_00109.html
index 7450a12cb..545f47ceb 100644
--- a/docs/cce/umn/cce_faq_00109.html
+++ b/docs/cce/umn/cce_faq_00109.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                      What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      What Should I Do If an Error Occurs When I Deploy a Service on the GPU Node?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      The following exceptions occur when services are deployed on the GPU nodes in a CCE cluster:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. The GPU memory of containers cannot be queried.
                                                                                                                                                                                                      2. Seven GPU services are deployed, but only two of them can be accessed properly. Errors are reported during the startup of the remaining five services.
                                                                                                                                                                                                        • The CUDA versions of the two services that can be accessed properly are 10.1 and 10.0, respectively.
                                                                                                                                                                                                        • The CUDA versions of the failing services are also 10.0 and 10.1.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Files named core.* are found in the GPU service containers. No such files existed in any of the previous deployments.
                                                                                                                                                                                                      
@@ -25,7 +25,7 @@ cd /usr/local/nvidia/bin && ./nvidia-smi
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_faq_00111.html b/docs/cce/umn/cce_faq_00111.html
index 84d7aa696..da17ceffa 100644
--- a/docs/cce/umn/cce_faq_00111.html
+++ b/docs/cce/umn/cce_faq_00111.html
@@ -7,7 +7,7 @@
 
                                                                                                                                                                                                      1. The Network Time Protocol daemon (ntpd) is not installed or fails to be installed, Kubernetes components fail to pass the pre-verification, or the disk partition is incorrect. The current solution is to create a cluster again. For details about how to locate the fault, see Locating the Failure Cause.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Locating the Failure Cause
                                                                                                                                                                                                      View the cluster logs to identify the cause and rectify the fault.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console. In the navigation pane, click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                      2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                      3. Rectify the fault based on the error information and create a cluster again.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Log in to the CCE console and click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                      2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                      3. Rectify the fault based on the error information and create a cluster again.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00120.html b/docs/cce/umn/cce_faq_00120.html
index 9bd1c5e13..e05ad579c 100644
--- a/docs/cce/umn/cce_faq_00120.html
+++ b/docs/cce/umn/cce_faq_00120.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                      What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Mechanism for Detecting Node Unavailability
                                                                                                                                                                                                      Kubernetes provides the heartbeat mechanism to help you determine node availability. For details about the mechanism and interval, see Heartbeats.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Troubleshooting Process
                                                                                                                                                                                                      The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                      
@@ -14,8 +14,8 @@
 
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes and click the Nodes tab. Locate the row that contains the unavailable node and click Monitor.
                                                                                                                                                                                                      2. On the top of the displayed page, click View More to go to the AOM console and view historical monitoring records.
                                                                                                                                                                                                        A too high CPU or memory usage of the node will result in a high network latency or trigger system OOM. Therefore, the node is displayed as unavailable.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. You are advised to migrate services to reduce the workloads on the node and set the resource upper limit for the workloads.
                                                                                                                                                                                                      2. Clear data on the CCE nodes in the cluster.
                                                                                                                                                                                                      3. Limit the CPU and memory quotas of each container.
                                                                                                                                                                                                      4. Add more nodes to the cluster.
                                                                                                                                                                                                      5. You can also restart the node on the ECS console.
                                                                                                                                                                                                      6. Add nodes to deploy memory-intensive containers separately.
                                                                                                                                                                                                      7. Reset the node.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      After the node becomes available, the workload is restored.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Migrate services to reduce the workloads on the node and configure resource limits for the workloads.
                                                                                                                                                                                                      2. Clear data on the CCE nodes in the cluster.
                                                                                                                                                                                                      3. Limit the CPU and memory quotas of each container.
                                                                                                                                                                                                      4. Add more nodes to the cluster.
                                                                                                                                                                                                      5. Restart the node on the ECS console.
                                                                                                                                                                                                      6. Add nodes to deploy memory-intensive containers separately.
                                                                                                                                                                                                      7. Reset the nodes.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      After the nodes become available, the workload is restored.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 2: Whether the ECS Is Deleted or Faulty
                                                                                                                                                                                                      1. Check whether the cluster is available.
                                                                                                                                                                                                        Log in to the CCE console and check whether the cluster is available.
                                                                                                                                                                                                        
 
@@ -31,15 +31,15 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 5: Whether the Security Group Rules Contain the Security Group Policy for the Communication Between the Master Node and the Worker Node
                                                                                                                                                                                                      Check whether such a security group policy exists.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When a node is added to an existing cluster, if an extended CIDR block is added to the VPC corresponding to the subnet and the subnet is an extended CIDR block, you need to add the following three security group rules to the master node security group (the group name is in the format of Cluster name-cce-control-Random number). These rules ensure that the nodes added to the cluster are available. (This step is not required if an extended CIDR block has been added to the VPC during cluster creation.)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details about security groups, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                                      A 100 GiB data disk dedicated for Docker is attached to the new node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                                      A 100-GiB data disk dedicated for Docker is attached to the new node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Click the node name to check whether the data disk mounted to the node is uninstalled. If the disk is uninstalled, mount a data disk to the node again and restart the node. Then the node can be recovered.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                                      1. Log in to the ECS where the unavailable node is located. 
                                                                                                                                                                                                      2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                        systemctl status kubelet
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                                        1. Log in to the ECS where the unavailable node is located. 
                                                                                                                                                                                                        2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                          systemctl status kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If the command is successfully executed, the status of each component is displayed as active, as shown in the following figure.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If the component status is not active, run the following commands (using the faulty component canal as an example):
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Run systemctl restart canal to restart the component.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          After restarting the component, run systemctl status canal to check the status.
                                                                                                                                                                                                          
@@ -57,10 +57,10 @@
 
                                                                                                                                                                                                          Check Item 9: Whether the vdb Disk on the Node Is Deleted
                                                                                                                                                                                                          If the vdb disk on a node is deleted, you can refer to this topic to restore the node.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Check Item 10: Whether the Docker Service Is Normal
                                                                                                                                                                                                          1. Run the following command to check whether the Docker service is running:
                                                                                                                                                                                                            systemctl status docker
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            If the command fails or the Docker service status is not active, locate the cause or contact technical support if necessary.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          2. Run the following command to check the number of containers on the node:
                                                                                                                                                                                                            docker ps -a | wc -l
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If the command is suspended, the command execution takes a long time, or there are more than 1000 abnormal containers, check whether workloads are repeatedly created and deleted. If a large number of containers are frequently created and deleted, a large number of abnormal containers may occur and cannot be cleared in a timely manner.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the command is suspended, the command execution takes a long time, or there are more than 1000 abnormal containers, check whether workloads are repeatedly created and deleted. If a large number of containers are frequently created and deleted, there may be a large number of abnormal containers, and these containers cannot be cleared in a timely manner.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            In this case, stop repeated creation and deletion of the workload or use more nodes to share the workload. Generally, the nodes will be restored after a period of time. If necessary, run the docker rm {container_id} command to manually clear abnormal containers.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00134.html b/docs/cce/umn/cce_faq_00134.html
index 354512abd..0daac7ffc 100644
--- a/docs/cce/umn/cce_faq_00134.html
+++ b/docs/cce/umn/cce_faq_00134.html
@@ -1,16 +1,92 @@
 
 
-
                                                                                                                                                                                                          How Do I Use Events to Fix Abnormal Workloads?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          How Can I Find the Fault for an Abnormal Workload?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          If a workload is abnormal, you can check the pod events first to locate the fault and then rectify the fault.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          To check whether there is an abnormal pod in the workload, perform the following steps:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                                                                          2. Click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                                                                                          3. In the upper left corner of the page, select a namespace, locate the target workload, and view its status.
                                                                                                                                                                                                            • If the workload is not ready, view pod events, and determine the cause. For details, see Viewing Pod Events.
                                                                                                                                                                                                            • If the workload is processing, wait patiently.
                                                                                                                                                                                                            • If the workload is running, no action is required. If the workload status is normal but it cannot be accessed, check whether intra-cluster access is normal.
                                                                                                                                                                                                              Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node where this pod locates and run curl or use other methods to manually call the APIs. Check whether the expected result is returned.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              If {Container IP address}: {Port} cannot be accessed, log in to the service container and access 127.0.0.1: {Port} to locate the fault.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Fault Locating
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            To locate the fault of an abnormal workload, take the following steps:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. Check whether the pod is running properly.
                                                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                                                              2. Click the cluster name to access the cluster console. In the navigation pane, choose Workloads.
                                                                                                                                                                                                              3. In the upper left corner of the page, select a namespace, locate the target workload, and view its status.
                                                                                                                                                                                                                • If the workload is not ready, you can view pod events and determine the cause. For details, see Viewing Pod Events. You can find the solution to the exception based on the events by referring to Common Pod Issues.
                                                                                                                                                                                                                • If the workload is processing, wait patiently.
                                                                                                                                                                                                                • If the workload is running, no action is required. If the workload status is normal but it cannot be accessed, check whether intra-cluster access is normal.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Check whether access within the cluster is normal.
                                                                                                                                                                                                              Log in to the CCE console or use kubectl to obtain the pod IP address. Then, log in to the node or the pod and run curl or use other methods to manually call the APIs and check whether the expected result is returned.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              If {Container IP address}:{Port number} cannot be accessed, log in to the service container, access 127.0.0.1:{Port number}, and locate the fault.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            3. Check whether the access result meets the expectation.
                                                                                                                                                                                                              If the workload is accessible within the cluster but the access result is not as expected, check the workload configurations, such as verifying if the image tag and environment variables are correctly configured. 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Common Pod Issues
                                                                                                                                                                                                            
+
                                                                                                                                                                                                      Table 1 Pod scheduling failure
                                                                                                                                                                                                      Event Information
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Cause and Solution
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
 
 
 
 
 
 
 
                                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                      Status
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Description
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Pending
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The pod scheduling failed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Pending
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A storage volume fails to be mounted to a pod.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      FailedPullImage
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      ImagePullBackOff
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The image pull failed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The image failed to be pulled again.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      CreateContainerError
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      CrashLoopBackOff
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The container startup failed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The container failed to restart.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If Container Startup Fails?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Evicted
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A pod is in the Evicted state, and the pod keeps being evicted.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Creating
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A pod is in the Creating state.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Terminating
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A pod is in the Terminating state.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Pod Remains in the Terminating State?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Stopped
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A pod is in the Stopped state.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
 
                                                                                                                                                                                                      Viewing Pod Events
                                                                                                                                                                                                      Method 1
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      On the CCE console, click the workload name to go to the workload details page, locate the row containing the abnormal pod, and click View Events in the Operation column.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      On the CCE console, click the workload name to go to the workload details page, locate the row containing the abnormal pod, and choose More > View Events in the Operation column.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Method 2
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Run kubectl describe pod {Pod name} to view pod events. The following shows an example:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      $ kubectl describe pod prepare-58bd7bdf9-fthrp
@@ -20,83 +96,11 @@ Events:
   ----     ------            ----  ----               -------
   Warning  FailedScheduling  49s   default-scheduler  0/2 nodes are available: 2 Insufficient cpu.
   Warning  FailedScheduling  49s   default-scheduler  0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                                      
-
-
                                                                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                      Table 1 Troubleshooting methods
                                                                                                                                                                                                      Event
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Pod Status
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      PodsScheduling failed
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Pending
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      PodsFailed to pull image
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Failed to re-pull image
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      FailedPullImage
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      ImagePullBackOff
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      PodsCreation failed
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Failed to restart container
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CreateContainerError
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      CrashLoopBackOff
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If Container Startup Fails?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The pod status is Evicted, and the pod keeps being evicted.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Evicted
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The storage volume fails to be mounted to the pod.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Pending
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The pod stays Creating.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Creating
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The pod stays Terminating.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Terminating
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If Pods in the Terminating State Cannot Be Deleted?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The pod status is Stopped.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Stopped
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
 
 
diff --git a/docs/cce/umn/cce_faq_00140.html b/docs/cce/umn/cce_faq_00140.html
index b26f5705a..4dbdccaa3 100644
--- a/docs/cce/umn/cce_faq_00140.html
+++ b/docs/cce/umn/cce_faq_00140.html
@@ -24,13 +24,13 @@
 
                                                                                                                                                                                                      rm -rf /mnt/paas/kubernetes/kubelet/cpu_manager_state
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    59. Restart the node or kubelet. The following is the kubelet restart command:
                                                                                                                                                                                                      systemctl restart kubelet
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Verify that workloads on the node can be successfully restarted or created.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details, see What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details, see What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      60. 
 
 
 
 
diff --git a/docs/cce/umn/cce_faq_00141.html b/docs/cce/umn/cce_faq_00141.html
index 2f5e219e2..44cb619b8 100644
--- a/docs/cce/umn/cce_faq_00141.html
+++ b/docs/cce/umn/cce_faq_00141.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Network Planning
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Network Exception Troubleshooting
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
-
                                                                                                                                                                                                      • Network Fault
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Network Planning
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
 
                                                                                                                                                                                                      • Security Hardening
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • 
diff --git a/docs/cce/umn/cce_faq_00159.html b/docs/cce/umn/cce_faq_00159.html
index 865ca7b34..241954ebf 100644
--- a/docs/cce/umn/cce_faq_00159.html
+++ b/docs/cce/umn/cce_faq_00159.html
@@ -1,7 +1,10 @@
 
 
 
                                                                                                                                                                                                        When Is Pre-stop Processing Used?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Service processing takes a long time. Pre-stop processing makes sure that during an upgrade, a pod is killed only when the service in the pod has been processed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Question
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        When is pre-stop processing used?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Answer
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Service processing takes a long time. Pre-stop processing makes sure that during an upgrade, a pod is killed only when the service in the pod has been processed.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00185.html b/docs/cce/umn/cce_faq_00185.html
new file mode 100644
index 000000000..3bc73532b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00185.html
@@ -0,0 +1,32 @@
+
+
+
                                                                                                                                                                                                        How Do I Obtain a TLS Key Certificate?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Scenario
                                                                                                                                                                                                        If your ingress needs to use HTTPS, you must configure a secret of the IngressTLS or kubernetes.io/tls type when creating an ingress.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The certificate file uploaded in the secret data must match the private key file. Otherwise, the certificate file becomes invalid.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        Generally, you need to obtain a valid certificate from the certificate provider. If you want to use it in the test environment, you can create a certificate and private key by the performing the following steps.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                         
                                                                                                                                                                                                        Self-created certificates apply only to test scenarios. Such certificates are invalid and will affect browser access. Manually upload a valid one to ensure secure connections.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Generate a tls.key.
                                                                                                                                                                                                          openssl genrsa -out tls.key 2048
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The command will generate a private tls.key in the directory where the command is executed.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Generate a certificate using the private tls.key.
                                                                                                                                                                                                          openssl req -new -x509 -key tls.key -out tls.crt -subj /C=CN/ST=******/O=Devops/CN=example.com -days 3650
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The generated key must be in the following format:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ----BEGIN RSA PRIVATE KEY-----
+...........................................................
+-----END RSA PRIVATE KEY-----
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The generated certificate must be in the following format:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          -----BEGIN CERTIFICATE-----
+................................................................
+-----END CERTIFICATE-----
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Import the certificate.
                                                                                                                                                                                                          When creating a TLS secret, import the certificate and private key file to the corresponding location.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Verification
                                                                                                                                                                                                        The ingress address can be accessed through a browser. However, the certificate and secret are not issued by the CA, so the CA does not recognize them and shows a message saying they are insecure.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Security Hardening
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00186.html b/docs/cce/umn/cce_faq_00186.html
index 7747611f0..7b04057ea 100644
--- a/docs/cce/umn/cce_faq_00186.html
+++ b/docs/cce/umn/cce_faq_00186.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        • What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • 
 
                                                                                                                                                                                                        • What Is a Headless Service When I Create a StatefulSet?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • 
diff --git a/docs/cce/umn/cce_faq_00195.html b/docs/cce/umn/cce_faq_00195.html
index 31a43613b..f69684695 100644
--- a/docs/cce/umn/cce_faq_00195.html
+++ b/docs/cce/umn/cce_faq_00195.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                          How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          The following is an example resolv.conf file for a container in a workload:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          In the preceding information:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • nameserver: IP address of the DNS. Set this parameter to the cluster IP address of CoreDNS.
                                                                                                                                                                                                          • search: domain name search list, which is a common suffix of Kubernetes.
                                                                                                                                                                                                          • ndots: If the number of dots (.) is less than the domain name, search is preferentially used for resolution.
                                                                                                                                                                                                          • timeout: timeout interval.
                                                                                                                                                                                                          • single-request-reopen: indicates that different source ports are used to send different types of requests.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          By default, when you create a workload on the CCE console, the preceding parameters are configured as follows:
                                                                                                                                                                                                          
@@ -15,7 +15,7 @@
           - name: single-request-reopen
 
                                                                                                                                                                                                          These parameters can be optimized or modified based on service requirements.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Scenario 1: Slow External Domain Name Resolution
                                                                                                                                                                                                          Optimization Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?
                                                                                                                                                                                                          2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?.
                                                                                                                                                                                                          2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Scenario 2: External Domain Name Resolution Timeout
                                                                                                                                                                                                          Optimization Solution
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Generally, the timeout of a Service must be greater than the value of timeout multiplied by attempts.
                                                                                                                                                                                                          2. If it takes more than 2s to resolve the domain name, you can set timeout to a larger value.
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00197.html b/docs/cce/umn/cce_faq_00197.html
index fda830242..656fe24b9 100644
--- a/docs/cce/umn/cce_faq_00197.html
+++ b/docs/cce/umn/cce_faq_00197.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                                          What Should I Do If Domain Name Resolution Fails in a CCE Cluster?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 1: Whether the coredns Add-on Has Been Installed
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Add-ons and check whether the CoreDNS add-on has been installed.
                                                                                                                                                                                                          3. If not, install the add-on. For details, see Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 1: Whether the coredns Add-on Has Been Installed
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Add-ons and check whether the CoreDNS add-on has been installed.
                                                                                                                                                                                                          3. If not, install the add-on. For details, see Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Check Item 2: Whether the coredns Instance Reaches the Performance Limit
                                                                                                                                                                                                          CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the coredns instance specifications based on the QPS. 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation tree, choose Add-ons and verify that CoreDNS is running.
                                                                                                                                                                                                          3. Click the coredns add-on name to view the add-on list.
                                                                                                                                                                                                          4. Click Monitor of the coredns add-on to view the CPU and memory usage.
                                                                                                                                                                                                            If the add-on performance reaches the bottleneck, adjust the coredns add-on specifications.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Add-ons and verify that CoreDNS is running.
                                                                                                                                                                                                            3. Click the CoreDNS add-on name to view the add-on pod list.
                                                                                                                                                                                                            4. Click Monitor of the add-on pods to view the CPU and memory usage.
                                                                                                                                                                                                              If the add-on performance reaches the bottleneck, adjust the coredns add-on specifications.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Check Item 3: Whether the External Domain Name Resolution Is Slow or Times Out
                                                                                                                                                                                                          If the domain name resolution failure rate is lower than 1/10000, optimize parameters by referring to How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out? or add a retry policy in the service.
                                                                                                                                                                                                          
@@ -28,7 +28,7 @@
 
                                                                                                                                                                                                          If the host name and DNS settings are correct, you can use the following optimization policies.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Optimization policies:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Change the coredns cache time.
                                                                                                                                                                                                          2. Configure the stub domain.
                                                                                                                                                                                                          3. Modify the value of ndots.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                           
                                                                                                                                                                                                          • Increasing the cache time of coredns helps resolve the same domain name for the N time, reducing the number of cascading DNS requests.
                                                                                                                                                                                                          • Configuring the stub domain can reduce the number of DNS request links.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          • Increasing the cache time of coredns helps resolve the same domain name for the N time, reducing the number of cascading DNS requests.
                                                                                                                                                                                                          • Configuring the stub domain can reduce the number of DNS request links.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          How to modify:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Modifying the coredns cache time and configuring the stub domain:
                                                                                                                                                                                                            Restart the coredns add-on after you modify the configurations.
                                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_faq_00199.html b/docs/cce/umn/cce_faq_00199.html
index f7c0c7f1c..69e75b1c6 100644
--- a/docs/cce/umn/cce_faq_00199.html
+++ b/docs/cce/umn/cce_faq_00199.html
@@ -9,7 +9,7 @@
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Description
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. If this field is set to Always, the image is pulled from the remote repository each time a container is started or restarted.
                                                                                                                                                                                                          If imagePullPolicy is left blank, the policy defaults to Always.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. If the policy is set to IfNotPreset:
                                                                                                                                                                                                          1. If the required image does not exist locally, it will be pulled from the remote repository.
                                                                                                                                                                                                          2. If the content, except the tag, of the required image is the same as that of the local image, and the image with that tag exists only in the remote repository, Kubernetes will not pull the image from the remote repository.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. If the policy is set to IfNotPreset:
                                                                                                                                                                                                          1. When the required image does not exist locally, it will be pulled from the remote repository.
                                                                                                                                                                                                          2. When the content, except the tag, of the required image is the same as that of the local image, and the image with that tag exists only in the remote repository, Kubernetes will not pull the image from the remote repository.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00200.html b/docs/cce/umn/cce_faq_00200.html
index f75942d6d..5799342f5 100644
--- a/docs/cce/umn/cce_faq_00200.html
+++ b/docs/cce/umn/cce_faq_00200.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                        Troubleshooting Process
                                                                                                                                                                                                        The issues here are described in order of how likely they are to occur.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Check these causes one by one until you find the cause of the fault.
                                                                                                                                                                                                        
 
-
                                                                                                                                                                                                        Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Check Item 1: Whether EVS Volumes Are Mounted Across AZs
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Mounting an EVS volume to a StatefulSet times out.
                                                                                                                                                                                                        
@@ -13,7 +13,7 @@
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Create a volume in the same AZ as the node and mount the volume.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 2: Whether Multiple Permission Configurations Exist in the Storage Volume
                                                                                                                                                                                                        If the volume to be mounted stores too many data and involves permission-related configurations, the file permissions need to be modified one by one, which results in mounting timeout.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 2: Whether Multiple Permission Configurations Exist in the Storage Volume
                                                                                                                                                                                                        If the volume to be mounted stores too much data and involves permission-related configurations, the file permissions need to be modified one by one, which results in mounting timeout.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • Check whether the securityContext field contains runAsuser and fsGroup. securityContext is a Kubernetes field that defines the permission and access control settings of pods or containers.
                                                                                                                                                                                                        • Check whether the startup commands contain commands used to obtain or modify file permissions, such as ls, chmod, and chown.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
@@ -38,7 +38,7 @@
 
                                                                                                                                                                                                        
 
 
diff --git a/docs/cce/umn/cce_faq_00202.html b/docs/cce/umn/cce_faq_00202.html
index c0b3ad05b..e054eba21 100644
--- a/docs/cce/umn/cce_faq_00202.html
+++ b/docs/cce/umn/cce_faq_00202.html
@@ -16,7 +16,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Example:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      nodePort: 30637 indicates the exposed node port. targetPort: 80 indicates the exposed pod port. port: 123 is the exposed Service port. LoadBalancer Services also use this port to configure the ELB listener.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      After finding the node port (nodePort), access <IP address>:<port> of the node where the container is located and check whether the expected result is returned.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Common issues:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. The service port is not allowed in the inbound rules of the node.
                                                                                                                                                                                                      2. A custom route is incorrectly configured for the node.
                                                                                                                                                                                                      3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                                      
@@ -29,19 +29,19 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 4: NAT Gateway + Port
                                                                                                                                                                                                      Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 5: Whether the Security Group of the Node Where the Container Is Located Allows Access
                                                                                                                                                                                                      Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the Network console, choose Access Control > Security Groups, locate the security group rule of the CCE cluster, and modify and harden the security group rule.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 5: Whether the Security Group of the Node Where the Container Is Located Allows Access
                                                                                                                                                                                                      Log in to the management console and choose Service List > Networking > Virtual Private Cloud. On the Network console, choose Access Control > Security Groups, locate the security group rule of the CCE cluster, and modify and harden the security group rule.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • CCE cluster:
                                                                                                                                                                                                        The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • CCE Turbo cluster:
                                                                                                                                                                                                        The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The name of the security group associated with the containers is {Cluster name}-cce-eni-{Random characters}.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check the following:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • IP address, port, and protocol of an external request to access the workloads in the cluster. They must be allowed in the inbound rule of the cluster security group.
                                                                                                                                                                                                      • IP address, port, and protocol of a request by a workload to visit external applications outside the cluster. They must be allowed in the outbound rule of the cluster security group.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      For details about security group configuration, see How Can I Configure a Security Group Rule in a Cluster?.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • IP address, port, and protocol of an external request to access the workloads in the cluster. They must be allowed in the inbound rule of the cluster security group.
                                                                                                                                                                                                      • IP address, port, and protocol of a request sent by a workload to visit external applications outside the cluster. They must be allowed in the outbound rule of the cluster security group.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For details about security group configuration, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Network Fault
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Network Exception Troubleshooting
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_faq_00203.html b/docs/cce/umn/cce_faq_00203.html
index 97eccbf12..95e6612c9 100644
--- a/docs/cce/umn/cce_faq_00203.html
+++ b/docs/cce/umn/cce_faq_00203.html
@@ -4,13 +4,13 @@
 
                                                                                                                                                                                                      CCE does not return any error code when you fail to access your applications using a browser. Check your services first.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      404 Not Found
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If the error code shown in the following figure is returned, it indicates that the ELB cannot find the corresponding forwarding policy. Check the forwarding policies.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 404:ALB
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 404:ALB
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If the error code shown in the following figure is returned, it indicates that errors occur on Nginx (your services). In this case, check your services.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 2 404:nginx/1.**.*
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 2 404:nginx/1.**.*
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Network Fault
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Network Exception Troubleshooting
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_faq_00204.html b/docs/cce/umn/cce_faq_00204.html
index c62aa420e..0a7f0537a 100644
--- a/docs/cce/umn/cce_faq_00204.html
+++ b/docs/cce/umn/cce_faq_00204.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                      What Should I Do If a Container Fails to Access the Internet?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of the container is correct. For example, check whether the DNS configuration can resolve the domain name.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 1: Whether the Node Can Access the Internet
                                                                                                                                                                                                      1. Log in to the ECS console.
                                                                                                                                                                                                      2. Check whether an EIP has been bound to the ECS (node) or whether the ECS has a NAT gateway configured.
                                                                                                                                                                                                        The following figure shows that an EIP has been bound. If no EIP is displayed, bind an EIP to the ECS.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Figure 1 Node with an EIP bound
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Figure 1 Node with an EIP bound
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 2: Whether a Network ACL Has Been Configured for the Node
                                                                                                                                                                                                      1. Log in to the VPC console.
                                                                                                                                                                                                      2. In the navigation pane on the left, choose Access Control > Network ACLs.
                                                                                                                                                                                                      3. Check whether a network ACL has been configured for the subnet where the node is located and whether external access is restricted.
                                                                                                                                                                                                      
@@ -17,7 +17,7 @@ options ndots:5
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Network Fault
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Network Exception Troubleshooting
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_faq_00205.html b/docs/cce/umn/cce_faq_00205.html
index 24c977bb7..53d127cec 100644
--- a/docs/cce/umn/cce_faq_00205.html
+++ b/docs/cce/umn/cce_faq_00205.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                                                      Network Fault
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Network Exception Troubleshooting
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00209.html b/docs/cce/umn/cce_faq_00209.html
index a770ae3a8..707a05a68 100644
--- a/docs/cce/umn/cce_faq_00209.html
+++ b/docs/cce/umn/cce_faq_00209.html
@@ -21,7 +21,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      If the pods are not evicted when the node is faulty, perform the following steps to locate the fault:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      After the following command is run, the command output shows that many pods are in the Evicted state.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      After the following command is executed, the command output shows that many pods are in the Evicted state.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      kubectl get pods
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                                      cat /var/log/cce/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -80,7 +80,7 @@ Taints:             key1=value1:NoSchedule
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 2: Whether Tolerations Have Been Configured for the Workload
                                                                                                                                                                                                      Use kubectl or locate the row containing the target workload and choose More > Edit YAML in the Operation column to check whether tolerance is configured for the workload. For details, see Taints and Tolerations.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 3: Whether the Conditions for Stopping Pod Eviction Are Met
                                                                                                                                                                                                      In a cluster that runs less than 50 worker nodes, if the number of faulty nodes accounts for over 55% of the total nodes, the pod eviction will be suspended. In this case, Kubernetes will not attempt to evict the workload on the faulty node. For details, see Rate limits on eviction.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 3: Whether the Conditions for Stopping Pod Eviction Are Met
                                                                                                                                                                                                      In a cluster that runs fewer than 50 worker nodes, if the number of faulty nodes accounts for over 55% of the total nodes, the pod eviction will be suspended. In this case, Kubernetes will not attempt to evict the workload on the faulty node. For details, see Rate limits on eviction.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 4: Whether the Allocated Resources of the Pod Are the Same as Those of the Node
                                                                                                                                                                                                      An evicted pod will be frequently scheduled to the original node.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      
@@ -103,7 +103,7 @@ Taints:             key1=value1:NoSchedule
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_faq_00210.html b/docs/cce/umn/cce_faq_00210.html
index 76f2418a6..f88809308 100644
--- a/docs/cce/umn/cce_faq_00210.html
+++ b/docs/cce/umn/cce_faq_00210.html
@@ -1,26 +1,31 @@
 
 
-
                                                                                                                                                                                                      What Should I Do If Pods in the Terminating State Cannot Be Deleted?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      After the node is restored, the pods in the Terminating state are automatically deleted.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      However, some pods remain in the Terminating state.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      #kubectl get pod -n aos
+
                                                                                                                                                                                                      What Should I Do If a Pod Remains in the Terminating State?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      When obtaining workloads in a namespace, you may come across pods that are in the Terminating state.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For example, if you use the command below to obtain pods in the aos namespace, you may notice that some pods are in the Terminating state:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      #kubectl get pod -n aos
 NAME                              READY      STATUS         RESTARTS   AGE
 aos-apiserver-5f8f5b5585-s9l92     1/1       Terminating    0          3d1h
 aos-cmdbserver-789bf5b497-6rwrg    1/1       Running        0          3d1h
 aos-controller-545d78bs8d-vm6j9    1/1       Running        3          3d1h
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Running kubectl delete pods <podname> -n <namespace> cannot delete the pods.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 -n aos
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Running kubectl delete pods <podname> -n <namespace> cannot delete the pods.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 -n aos
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      You can run the following command to forcibly delete the pods created in any ways:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      kubectl delete pods <pod> --grace-period=0 --force
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Therefore, run the following command to delete the pod:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 --grace-period=0 --force
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      The following lists some possible causes:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • The node that runs a terminating pod is abnormal. When a node is unavailable, CCE migrates pods on the node and sets the pods running on the node to the Terminating state.
                                                                                                                                                                                                        After the node is restored, the pods in the Terminating state will be automatically deleted.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • A container is unresponsive. If a container within a pod fails to respond to the SIGTERM signal while being terminated, the pod can become stuck in the Terminating state.
                                                                                                                                                                                                      • There are unfinished requests or resource occupation within a pod. If a process within a pod continues to run for an extended period, it may prevent the pod from being terminated and cause it to enter the Terminating state.
                                                                                                                                                                                                      • A pod has finalizers specified. Finalizers are used to clean up resources before they are deleted. If a pod has finalizers specified and the cleanup process is paused or unresponsive, the pod will remain in the Terminating state.
                                                                                                                                                                                                      • A pod has terminationGracePeriodSeconds configured. Once a graceful exit time is set for a pod, it will enter the Terminating state upon termination and be automatically deleted after exiting gracefully.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                       
                                                                                                                                                                                                      Before forcibly deleting a pod, it is important to consider the potential risks to your services. This is especially true for StatefulSet pods, because there is a higher chance of data inconsistency and abnormal container exits. Take the time to evaluate these risks before proceeding with the operation. For details, see Force Delete StatefulSet Pods.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Run the following command to forcibly delete the pods created in any ways:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl delete pod <pod>  -n <namespace> --grace-period=0 --force
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Run the following command to delete the terminating pod described at the very beginning of this section:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      kubectl delete pod aos-apiserver-5f8f5b5585-s9l92 -n aos --grace-period=0 --force
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_faq_00213.html b/docs/cce/umn/cce_faq_00213.html
index c42efe071..9baefad07 100644
--- a/docs/cce/umn/cce_faq_00213.html
+++ b/docs/cce/umn/cce_faq_00213.html
@@ -1,7 +1,8 @@
 
 
-
                                                                                                                                                                                                      What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If a scheduled task is stopped during running, before its restart, the system calculates the difference between the last time the task was successfully executed and the current time and compares the time difference with the scheduled task period multiplied by 100. If the time difference is greater than the period multiplied by 100, the scheduled task will not be triggered again. For details, see CronJob Limitations.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      What Should I Do If a Cron Job Cannot Be Restarted After Being Stopped for a Period of Time?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      When a cron job is paused mid-execution and later resumed, the controller checks the number of missed scheduling times between the last scheduled time and the current time. If this number exceeds 100, the controller will not start the job and logs the error. For details, see CronJob limitations.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Cannot determine if job needs to be started. Too many missed start time (> 100). Set or decrease .spec.startingDeadlineSeconds or check clock skew.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      For example, assume that a cron job is set to create a job every minute from 08:30:00 and the startingDeadlineSeconds field is not set. If the cron job controller stops running from 08:29:00 to 10:21:00, the job will not be started because the time difference between 08:29:00 and 10:21:00. 00 exceeds 100 minutes, that is, the number of missed scheduling times exceeds 100 (in the example, a scheduling period is 1 minute).
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      If the startingDeadlineSeconds field is set, the controller calculates the number of missed jobs in the last x seconds (x indicates the value of startingDeadlineSeconds). For example, if startingDeadlineSeconds is set to 200, the controller counts the number of jobs missed in the last 200 seconds. In this case, if the cron job controller stops running from 08:29:00 to 10:21:00, the job will start again at 10:22:00, because only three scheduling requests are missed in the last 200 seconds (in the example, one scheduling period is 1 minute).
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      Configure the startingDeadlineSeconds parameter in a cron job. This parameter can be created or modified only by using kubectl or APIs.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00218.html b/docs/cce/umn/cce_faq_00218.html
index 0d93617ea..7414d2bdb 100644
--- a/docs/cce/umn/cce_faq_00218.html
+++ b/docs/cce/umn/cce_faq_00218.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                                      What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that the host cannot be found. The following figure shows the error message.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Fault Locating
                                                                                                                                                                                                      After receiving the HTTP request, the Service transfers files to OBS through the proxy.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If too many files are transferred, a large number of resources are consumed. Currently, the proxy is assigned 128 MiB memory. According to pressure test results, resource consumption is large, resulting in request failure.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If too many files are transferred, a large number of resources are consumed. Currently, the proxy is assigned 128 MiB of memory. According to pressure test results, resource consumption is large, resulting in request failure.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The test results show that all traffic passes through the proxy. Therefore, if the service volume is large, more resources need to be allocated.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      1. File transfer involves a large number of packet copies, which occupies a large amount of memory. In this case, increase the proxy memory based on the actual scenario and then try to access the Service and upload files again.
                                                                                                                                                                                                      2. Additionally, remove the Service from the mesh because the proxy only forwards packets and does not perform any other operations. If requests pass through the ingress gateway, the grayscale release function of the Service is not affected.
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00224.html b/docs/cce/umn/cce_faq_00224.html
index 55371ba1e..374c3f102 100644
--- a/docs/cce/umn/cce_faq_00224.html
+++ b/docs/cce/umn/cce_faq_00224.html
@@ -1,17 +1,34 @@
 
 
 
                                                                                                                                                                                                      How Do I Expand the Storage Capacity of a Container?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      The default storage size of a container is 10 GB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      The default storage size of a container is 10 GiB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                      2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                      3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                         
                                                                                                                                                                                                        Resetting a node may make unavailable the node-specific resources (such as local storage and workloads scheduled to this node). Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                        2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                        3. Click the Nodes tab, locate the row containing the target node, and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                           
                                                                                                                                                                                                          Resetting a node may make the node-specific resources (such as local storage and workloads scheduled to this node) unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        4. Click Yes.
                                                                                                                                                                                                        5. Reconfigure node parameters.
                                                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameters:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        6. Reconfigure node parameters.
                                                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameter:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Space Allocation for Pods: indicates the base size of a pod. It is the maximum size that a workload's pods (including the container images) can grow to in the disk space. Proper settings can prevent pods from taking all the disk space available and avoid service exceptions. It is recommended that the value is less than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios. For details, see Data Disk Space Allocation.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        7. After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded:
                                                                                                                                                                                                          docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        8. After the node is reset, log in to the node and check whether the container capacity has been expanded. The command output varies with the container storage rootfs.
                                                                                                                                                                                                          • Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            df -h
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the information similar to the following is displayed, the overlay capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Filesystem                    Size   Used   Avail   Use%   Mounted on
+overlay                        15G   104K     15G     1%   /
+tmpfs                          64M      0     64M     0%   /dev
+tmpfs                         3.6G      0    3.6G     0%   /sys/fs/cgroup
+/dev/mapper/vgpaas-share       98G   4.0G     89G     5%   /etc/hosts
+...
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Devicemapper: A thin pool is allocated to store image data. Run the following command to check whether the container capacity has been expanded:
                                                                                                                                                                                                            docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            df -h
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the information similar to the following is displayed, the thin pool capacity has been expanded from 10 GiB to 15 GiB.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Filesystem                            Size   Used   Avail   Use%   Mounted on
+/dev/mapper/vgpaas-thinpool-snap-84    15G   232M     15G     2%   /
+tmpfs                                  64M      0     64M     0%   /dev
+tmpfs                                 3.6G      0    3.6G     0%   /sys/fs/cgroup
+/dev/mapper/vgpaas-kubernetes          11G    41M     11G     1%   /etc/hosts
+/dev/mapper/vgpaas-dockersys           20G   1.1G     18G     6%   /etc/hostname
+...
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00260.html b/docs/cce/umn/cce_faq_00260.html
index 0c32156a9..253640842 100644
--- a/docs/cce/umn/cce_faq_00260.html
+++ b/docs/cce/umn/cce_faq_00260.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                        How Do I Evenly Distribute Multiple Pods to Each Node?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        You can configure pod anti-affinity policies to evenly distribute pods onto different nodes.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Example:
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00263.html b/docs/cce/umn/cce_faq_00263.html
index bd1a51f5d..15e2ad169 100644
--- a/docs/cce/umn/cce_faq_00263.html
+++ b/docs/cce/umn/cce_faq_00263.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        The vdb disk of a node is damaged and the node cannot be recovered after reset.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Error Scenarios
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        • On a normal node, delete the LV and VG. The node is unavailable.
                                                                                                                                                                                                        • Reset an abnormal node, and a syntax error is reported. The node is unavailable.
                                                                                                                                                                                                          The following figure shows the details.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        If the volume group (VG) on the node is deleted or damaged and cannot be identified, you need to manually restore the VG first to prevent your data disks from being formatted by mistake during the reset.
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00264.html b/docs/cce/umn/cce_faq_00264.html
index f4a432190..752b7d8a8 100644
--- a/docs/cce/umn/cce_faq_00264.html
+++ b/docs/cce/umn/cce_faq_00264.html
@@ -12,6 +12,8 @@
 
                                                                                                                                                                                                        4. 
 
                                                                                                                                                                                                      4. How Do I Configure an Access Policy for a Cluster?
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        5. 
+
                                                                                                                                                                                                      5. How Do I Obtain a TLS Key Certificate?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        6. 
 
                                                                                                                                                                                                      6. How Do I Change the Security Group of Nodes in a Cluster in Batches?
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        7. 
 
diff --git a/docs/cce/umn/cce_faq_00265.html b/docs/cce/umn/cce_faq_00265.html
index 1d9378366..6923490b8 100644
--- a/docs/cce/umn/cce_faq_00265.html
+++ b/docs/cce/umn/cce_faq_00265.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                                        How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        You can modify the security group rules on the VPC console as required. (Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the corresponding security groups, and modify their rules.)
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can modify the security group rules on the VPC console as required. (Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the page displayed, choose Access Control > Security Groups in the navigation pane, locate the corresponding security groups, and modify their rules.)
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The default security group rules of the clusters using different networks are as follows:
                                                                                                                                                                                                        
-
+
 
                                                                                                                                                                                                         
                                                                                                                                                                                                        • Modifying or deleting security group rules may affect cluster running. Exercise caution when performing this operation. If you need to modify security group rules, do not modify the rules of the port on which CCE running depends.
                                                                                                                                                                                                        • When adding a new security group rule to a cluster, ensure that the new rule does not conflict with the original rules. Otherwise, the original rules may become invalid, affecting the cluster running.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Security Group Rules of a Cluster Using a VPC Network
                                                                                                                                                                                                        Security group of worker nodes
                                                                                                                                                                                                        
@@ -30,7 +30,7 @@
 
 
                                                                                                                                                                                                      VPC CIDR block
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow access between worker nodes and between worker nodes and the master nodes.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Allow access between worker nodes and between the worker nodes and master nodes.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      No
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      These ports must permit requests from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      These ports must permit requests from VPC, container, and load balancer CIDR blocks.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      UDP port range: 30000 to 32767
                                                                                                                                                                                                      
@@ -91,7 +91,7 @@
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow SSH access to ECSs.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Allow SSH access to Linux ECSs.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      TCP port 8445
                                                                                                                                                                                                      
@@ -210,7 +210,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Security Group Rules of a Cluster Using the Tunnel Network
                                                                                                                                                                                                      Security group of worker nodes
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Security Group Rules of a Cluster Using a Tunnel Network
                                                                                                                                                                                                      Security group of worker nodes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      A security group named {Cluster name}-cce-node-{Random ID} is automatically created for worker nodes in a cluster. For details about the default ports, see Table 3.
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
-
-
-
@@ -366,9 +366,9 @@
 
-
-
-
@@ -448,7 +448,7 @@
 
-
-
-
@@ -559,9 +559,9 @@
 
-
-
-
@@ -735,7 +735,7 @@
 
-
diff --git a/docs/cce/umn/cce_faq_00266.html b/docs/cce/umn/cce_faq_00266.html
index 126e6d35b..db5eac106 100644
--- a/docs/cce/umn/cce_faq_00266.html
+++ b/docs/cce/umn/cce_faq_00266.html
@@ -1,12 +1,12 @@
 
                                                                                                                                                                                                      What Is the Relationship Between Clusters, VPCs, and Subnets?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      A Virtual Private Cloud (VPC) is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and provides basic network environment for running elastic cloud servers (ECSs), elastic load balances (ELBs), and middleware. Networks of different scales can be configured based on service requirements. Generally, you can set the CIDR block to 10.0.0.0/8–24, 172.16.0.0/12–24, or 192.168.0.0/16–24. The largest CIDR block is 10.0.0.0/8, which corresponds to a class A network.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and provides basic network environment for running ECSs, ELBs, and middleware. Networks of different scales can be configured based on service requirements. Generally, you can set the CIDR block to 10.0.0.0/8–24, 172.16.0.0/12–24, or 192.168.0.0/16–24. The largest CIDR block is 10.0.0.0/8, which corresponds to a class A network.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      A VPC can be divided into multiple subnets. Security groups are configured to determine whether these subnets can communicate with each other. This ensures that subnets can be isolated from each other, so that you can deploy different services on different subnets.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      A cluster is one or a group of cloud servers (also known as nodes) in the same VPC. It provides computing resource pools for running containers.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      As shown in Figure 1, a region may comprise of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                                      • Different clusters are created in different VPCs.
                                                                                                                                                                                                      • Different clusters are created in the same subnet.
                                                                                                                                                                                                      • Different clusters are created in different subnets.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      As shown in Figure 1, a region may consist of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                                      • Different clusters are created in different VPCs.
                                                                                                                                                                                                      • Different clusters are created in the same subnet.
                                                                                                                                                                                                      • Different clusters are created in different subnets.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00267.html b/docs/cce/umn/cce_faq_00267.html
index a23cd7bf5..dd82ee32b 100644
--- a/docs/cce/umn/cce_faq_00267.html
+++ b/docs/cce/umn/cce_faq_00267.html
@@ -1,7 +1,10 @@
 
 
 
                                                                                                                                                                                                      How Do I Prevent Cluster Nodes from Being Exposed to Public Networks?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      • If access to port 22 of a cluster node is not required, you can define a security group rule that disables access to port 22.
                                                                                                                                                                                                      • Do not bind an EIP to a cluster node unless necessary.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Question
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      How do I prevent cluster nodes from being exposed to public networks?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • If access to port 22 of a cluster node is not required, you can define a security group rule that disables access to port 22.
                                                                                                                                                                                                      • Do not bind an EIP to a cluster node unless necessary.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00275.html b/docs/cce/umn/cce_faq_00275.html
index 1d0970f1f..7eb42751f 100644
--- a/docs/cce/umn/cce_faq_00275.html
+++ b/docs/cce/umn/cce_faq_00275.html
@@ -10,6 +10,12 @@
 
 
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00282.html b/docs/cce/umn/cce_faq_00282.html
index c0785b1c9..fb6ffcc66 100644
--- a/docs/cce/umn/cce_faq_00282.html
+++ b/docs/cce/umn/cce_faq_00282.html
@@ -10,6 +10,8 @@
 
diff --git a/docs/cce/umn/cce_faq_00284.html b/docs/cce/umn/cce_faq_00284.html
index 6f009c261..5cc1bc134 100644
--- a/docs/cce/umn/cce_faq_00284.html
+++ b/docs/cce/umn/cce_faq_00284.html
@@ -12,7 +12,7 @@
 
 
                                                                                                                                                                                                    60. How Do I Prevent a Container on a Node from Being Evicted?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      61. 
-
                                                                                                                                                                                                    61. Why Are Pods Not Evenly Distributed to Nodes?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    62. Why Are Pods Not Evenly Distributed on Nodes?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      63. 
 
                                                                                                                                                                                                    63. How Do I Evict All Pods on a Node?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      64. 
diff --git a/docs/cce/umn/cce_faq_00286.html b/docs/cce/umn/cce_faq_00286.html
index 74093f2c6..51c3be771 100644
--- a/docs/cce/umn/cce_faq_00286.html
+++ b/docs/cce/umn/cce_faq_00286.html
@@ -4,8 +4,8 @@
 
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      A node fails to be accepted into a cluster.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      Log in to the node and check the /var/paas/sys/log/baseagent/baseagent.log installation log. The following error information is displayed:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check the LVM settings of the node. It is found that the LVM logical volume is not created in /dev/vdb.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check the  Logical Volume Manager (LVM) settings of the node. It is found that the LVM logical volume is not created in /dev/vdb.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      Run the following command to manually create a logical volume:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      pvcreate /dev/vdb 
diff --git a/docs/cce/umn/cce_faq_00296.html b/docs/cce/umn/cce_faq_00296.html
index d9a993d28..73eb3ec5c 100644
--- a/docs/cce/umn/cce_faq_00296.html
+++ b/docs/cce/umn/cce_faq_00296.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                      Attached SCSI disk
 task jdb2/xxx blocked for more than 120 seconds.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Example:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      After a PCI device is hot added to BUS 0, the Linux OS kernel will traverse all the PCI bridges mounted to BUS 0 for multiple times, and these PCI bridges cannot work properly during this period. During this period, if the PCI bridge used by the device is updated, due to a kernel defect, the device considers that the PCI bridge is abnormal, and the device enters a fault mode and cannot work normally. If the front end is writing data into the PCI configuration space for the back end to process disk I/Os, the write operation may be deleted. As a result, the back end cannot receive notifications to process new requests on the I/O ring. Finally, the front-end I/O suspension occurs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00307.html b/docs/cce/umn/cce_faq_00307.html
index 174185cd8..98fd872f3 100644
--- a/docs/cce/umn/cce_faq_00307.html
+++ b/docs/cce/umn/cce_faq_00307.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                                      Problem Description
                                                                                                                                                                                                      When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Files or directories fail to be created in the container, the file system in the container is read-only, the node is tainted disk-pressure, or the node is unavailable.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      You can run the docker info command on the node to view the used and remaining thin pool space to locate the fault. The following figure is an example.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Possible Cause
                                                                                                                                                                                                      When Docker device mapper is used, although you can configure the basesize parameter to limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused only after a while. If the number of service containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                                                                                      
@@ -17,26 +17,33 @@
 
                                                                                                                                                                                                      Overlayfs: No independent thin pool is allocated. Image data is stored in dockersys.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                        # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
-vda                   8:0    0   50G  0 disk 
-└─vda1                8:1    0   50G  0 part /
-vdb                   8:16   0  200G  0 disk      # Data disk has been expanded but not allocated
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd          # Space used by the container engine
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                        
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk      # The data disk has been expanded to 150 GiB, but 50 GiB space is not allocated.
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
 
                                                                                                                                                                                                      2. Expand the disk capacity.
                                                                                                                                                                                                        Add the new disk capacity to the dockersys logical volume used by the container engine.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                          pvresize /dev/vdb
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/sdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                            pvresize /dev/sdb
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Physical volume "/dev/vdb" changed
+
                                                                                                                                                                                                            Physical volume "/dev/sdb" changed
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                            lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to <190.00 GiB (48639 extents).
+
                                                                                                                                                                                                            Size of logical volume vgpaas/dockersys changed from <90.00 GiB (23039 extents) to 140.00 GiB (35840 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                            resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Information similar to the following is displayed:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/containerd; on-line resizing required
-old_desc_blocks = 12, new_desc_blocks = 24
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                            
+old_desc_blocks = 12, new_desc_blocks = 18
+The filesystem on /dev/vgpaas/dockersys is now 36700160 blocks long.
 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Check whether the capacity is expanded.
                                                                                                                                                                                                          # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  150G  0 disk
+├─vgpaas-dockersys  253:0    0   140G  0 lvm  /var/lib/containerd
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        1. Check the disk and partition sizes of the device.
                                                                                                                                                                                                          # lsblk
@@ -61,7 +68,20 @@ vda                                   8:0    0   50G  0 disk
 
                                                                                                                                                                                                          Information similar to the following is displayed:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Size of logical volume vgpaas/thinpool changed from <67.00 GiB (23039 extents) to <167.00 GiB (48639 extents).
 Logical volume vgpaas/thinpool successfully resized.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. Do not need to adjust the size of the file system, because the thin pool is not mounted to any devices.
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the thin pool, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   167G  0 lvm             # Thin pool space after capacity expansion
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Option 2: Add the new disk capacity to the dockersys disk.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Expand the PV capacity so that LVM can identify the new EVS capacity. /dev/vdb specifies the physical volume where dockersys is located.
                                                                                                                                                                                                        pvresize /dev/vdb
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
@@ -69,13 +89,26 @@ Logical volume vgpaas/thinpool successfully resized.
 1 physical volume(s) resized or updated / 0 physical volume(s) not resized
 
                                                                                                                                                                                                      2. Expand 100% of the free capacity to the logical volume. vgpaas/dockersys specifies the logical volume used by the container engine.
                                                                                                                                                                                                        lvextend -l+100%FREE -n vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (7679 extents) to <118.00 GiB (33279 extents).
+
                                                                                                                                                                                                        Size of logical volume vgpaas/dockersys changed from <18.00 GiB (4607 extents) to <118.00 GiB (30208 extents).
 Logical volume vgpaas/dockersys successfully resized.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Adjust the size of the file system. /dev/vgpaas/dockersys specifies the file system path of the container engine.
                                                                                                                                                                                                        resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Filesystem at /dev/vgpaas/dockersys is mounted on /var/lib/docker; on-line resizing required
-old_desc_blocks = 4, new_desc_blocks = 16
-The filesystem on /dev/vgpaas/dockersys is now 49807360 (4k) blocks long.
                                                                                                                                                                                                        
+old_desc_blocks = 3, new_desc_blocks = 15
+The filesystem on /dev/vgpaas/dockersys is now 30932992 blocks long.
+
                                                                                                                                                                                                      4. Check whether the capacity is expanded. Run the lsblk command to check the disk and partition sizes of the device. If the new disk capacity has been added to the dockersys, the capacity is expanded.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+vda                                   8:0    0   50G  0 disk 
+└─vda1                                8:1    0   50G  0 part /
+vdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   118G  0 lvm  /var/lib/docker     # dockersys after capacity expansion
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm             
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00314.html b/docs/cce/umn/cce_faq_00314.html
index 3afa19fcd..751747ac7 100644
--- a/docs/cce/umn/cce_faq_00314.html
+++ b/docs/cce/umn/cce_faq_00314.html
@@ -1,9 +1,14 @@
 
 
-
                                                                                                                                                                                                      Why Are Pods Not Evenly Distributed to Nodes?
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Why Are Pods Not Evenly Distributed on Nodes?
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Pod Scheduling Principles in Kubernetes
                                                                                                                                                                                                      The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Causes of Why Pods Are Not Evenly Distributed on Nodes
                                                                                                                                                                                                      • Resource configurations may vary between nodes, including differences in CPU and memory size. This can result in the pods' defined requests not being met, even if a node's actual load is low. As a result, the pod cannot be scheduled to the node.
                                                                                                                                                                                                      • Custom scheduling policies can be used to schedule pods based on affinity and anti-affinity rules, resulting in uneven distribution of pods across nodes.
                                                                                                                                                                                                      • Nodes can have taints that prevent unscheduled pods from being assigned to them if tolerations are not set.
                                                                                                                                                                                                      • Certain workloads may have unique distribution constraints. For instance, if an EVS disk is attached to a workload, the workload pods can only be scheduled to nodes within the same AZ as the disk.
                                                                                                                                                                                                      • Certain pods may require specific resources, such as GPUs. In such cases, the scheduler can only assign those pods to GPU nodes.
                                                                                                                                                                                                      • The health and status of a node can impact scheduling decisions. If a node is unhealthy, it may not be able to accept new pods.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Causes of Why Pod Loads Are Unevenly Distributed on Nodes
                                                                                                                                                                                                      When allocating pods, kube-scheduler does not take into account the actual load of applications. This can result in some nodes being heavily loaded while others are lightly loaded, especially if the application load is uneven.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Parent topic: Scheduling Policies
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_faq_00319.html b/docs/cce/umn/cce_faq_00319.html
index b888e6e73..c92f7e3a0 100644
--- a/docs/cce/umn/cce_faq_00319.html
+++ b/docs/cce/umn/cce_faq_00319.html
@@ -2,9 +2,9 @@
 
 
                                                                                                                                                                                                      What Can I Do If a Layer Is Missing During Image Pull?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Symptom
                                                                                                                                                                                                      When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload container fails to be created.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the layer is not pulled.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Possible Causes
                                                                                                                                                                                                      Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the image is not pulled.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      You can use either of the following methods to solve this problem:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • Use Docker v1.11 or later to repackage the image.
                                                                                                                                                                                                      • Manually pull the image.
                                                                                                                                                                                                        1. Log in to the node.
                                                                                                                                                                                                        2. Run the following command to pull the image:
                                                                                                                                                                                                          ctr -n k8s.io images pull --user u:p images
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00322.html b/docs/cce/umn/cce_faq_00322.html
index fdbe3d1d9..fe13a2bbe 100644
--- a/docs/cce/umn/cce_faq_00322.html
+++ b/docs/cce/umn/cce_faq_00322.html
@@ -6,23 +6,23 @@
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Possible Causes
                                                                                                                                                                                                          The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          Use kubectl to connect to the cluster and manually clear the Secret and Configmap corresponding to add-on release. The following uses autoscaler add-on release as an example.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          Use kubectl to connect to the cluster and manually clear the Secret and ConfigMap corresponding to the add-on release. The following uses autoscaler add-on release as an example.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Connect to the cluster using kubectl, and run the following command to view the Secret list of add-on releases:
                                                                                                                                                                                                            kubectl get secret -A |grep cceaddon
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            The Secret name of an add-on release is in the format of sh.helm.release.v1.cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their Secrets at the same time.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          2. Run the release secret command to delete the Secrets.
                                                                                                                                                                                                            Example:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            kubectl delete secret sh.helm.release.v1.cceaddon-autoscaler.v1 sh.helm.release.v1.cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          3. If the add-on is created when Helm v2 is used, CCE automatically bumps the v2 release in Configmaps to v3 release in Secrets when viewing the add-ons and their details. The v2 release in the original Configmap is not deleted. Run the following command to view the ConfigMap list of add-on releases:
                                                                                                                                                                                                            kubectl get configmap -A | grep cceaddon
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          4. If the add-on is created when Helm v2 is used, CCE automatically bumps the v2 release in ConfigMaps to v3 release in Secrets when viewing the add-ons and their details. The v2 release in the original ConfigMap is not deleted. Run the following command to view the ConfigMap list of add-on releases:
                                                                                                                                                                                                            kubectl get configmap -A | grep cceaddon
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            The ConfigMap name of an add-on release is in the format of cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their ConfigMaps at the same time.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          5. Run the release configmap command to delete the ConfigMaps.
                                                                                                                                                                                                            Example:
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            kubectl delete configmap cceaddon-autoscaler.v1 cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
 
                                                                                                                                                                                                             
                                                                                                                                                                                                            Deleting resources in kube-system is a high-risk operation. Ensure that the command is correct before running it to prevent resources from being deleted by mistake.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          6. On the CCE console, install add-on and then uninstall it. Ensure that the residual add-on resources are cleared. After the uninstall is complete, install the add-on again.
                                                                                                                                                                                                             
                                                                                                                                                                                                            When installing the add-on for the first time, you may find it abnormal after the installation due to the residual resources of the previous add-on release, which is normal. In this case, you can uninstall the add-on on the console to ensure that the residual resources are cleared and the add-on can run properly after being installed again.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          7. On the CCE console, install the add-on and then uninstall it. Ensure that the residual add-on resources are cleared. After the uninstallation is complete, install the add-on again.
                                                                                                                                                                                                             
                                                                                                                                                                                                            During the initial installation of the add-on, it is possible to encounter abnormal behavior caused by residual resources from a previous add-on release. This is a normal occurrence. In such cases, you can resolve the issue by uninstalling the add-on from the console. This will ensure that any remaining resources are cleared, allowing for a proper installation of the add-on again.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00325.html b/docs/cce/umn/cce_faq_00325.html
index 99f73b6d3..0b6a5f2ec 100644
--- a/docs/cce/umn/cce_faq_00325.html
+++ b/docs/cce/umn/cce_faq_00325.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                                                          What Should I Do If a Namespace Fails to Be Deleted Due to an APIService Object Access Failure?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          The namespace remains in the Deleting state. The error message "DiscoveryFailed" is displayed in status in the YAML file.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          The namespace remains in the Deleting state. The error message "DiscoveryFailed" is displayed in status in the YAML file.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          In the preceding figure, the full error message is "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request".
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          This indicates that the namespace deletion is blocked when kube-apiserver accesses the APIService resource object of the metrics.k8s.io/v1beta1 API.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00392.html b/docs/cce/umn/cce_faq_00392.html
index 8d2b45e58..543bade8f 100644
--- a/docs/cce/umn/cce_faq_00392.html
+++ b/docs/cce/umn/cce_faq_00392.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                          How Do I Change the Security Group of Nodes in a Cluster in Batches?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Notes and Constraints
                                                                                                                                                                                                          Do not add more than 1000 instances to the same security group. Otherwise, the security group performance may deteriorate. 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in to the VPC console and select the desired region and project in the upper left corner.
                                                                                                                                                                                                          2. In the navigation pane on the left, choose Access Control > Security Groups.
                                                                                                                                                                                                          3. On the Security Groups page, click Manage Instance in the Operation column.
                                                                                                                                                                                                          4. On the Servers tab page, click Add.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Procedure
                                                                                                                                                                                                            1. Log in to the VPC console and select the desired region and project in the upper left corner.
                                                                                                                                                                                                            2. In the navigation pane on the left, choose Access Control > Security Groups.
                                                                                                                                                                                                            3. On the Security Groups page, click Manage Instance in the Operation column.
                                                                                                                                                                                                            4. On the Servers tab, click Add.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            5. Select the servers to be added to the security group and click OK. You can also search for servers by name, ID, private IP address, status, enterprise project, or tag.
                                                                                                                                                                                                              You can change the maximum number of servers displayed on a page in the lower left corner to add a maximum of 20 servers to a security group at a time.
                                                                                                                                                                                                               
                                                                                                                                                                                                              After the node is added to a new security group, the original security group is retained. To remove the instance, click Manage Instance of the original security group and select the node servers to be removed.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00399.html b/docs/cce/umn/cce_faq_00399.html
index d77d0b4a8..8ae540cc1 100644
--- a/docs/cce/umn/cce_faq_00399.html
+++ b/docs/cce/umn/cce_faq_00399.html
@@ -2,8 +2,8 @@
 
 
                                                                                                                                                                                                              Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              CCE has cloud service APIs and cluster APIs.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              • Cloud service APIs: You can perform operations on the infrastructure (such as creating nodes) and cluster resources (such as creating workloads).
                                                                                                                                                                                                                When using cloud service APIs, the cluster management (IAM) permissions must be configured.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • Cluster APIs: You can perform operations on cluster resources (such as creating workloads) through the Kubernetes native API server, but not on cloud infrastructure resources (such as creating nodes).
                                                                                                                                                                                                                When using cluster APIs, you only need to add the cluster certificate. Only the users with the cluster management (IAM) permissions can download the cluster certificate. Note that information leakage may occur during certificate transmission.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Cloud service APIs: You can perform operations on the infrastructure (such as creating nodes) and cluster resources (such as creating workloads).
                                                                                                                                                                                                                  When using cloud service APIs, the IAM permissions must be configured.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Cluster APIs: You can perform operations on cluster resources (such as creating workloads) through the Kubernetes native API server, but not on cloud infrastructure resources (such as creating nodes).
                                                                                                                                                                                                                  When using cluster APIs, you only need to add the cluster certificate. Only the users with the IAM permissions can download the cluster certificate. Note that information leakage may occur during certificate transmission.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_faq_00406.html b/docs/cce/umn/cce_faq_00406.html
index 091e26b2c..039a53d01 100644
--- a/docs/cce/umn/cce_faq_00406.html
+++ b/docs/cce/umn/cce_faq_00406.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                                              How Do I Configure the IPv6 Service CIDR Block When Creating a CCE Turbo Cluster?
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Context
                                                                                                                                                                                                              To create an IPv4/IPv6 dual-stack CCE Turbo cluster, you need to set an IPv6 Service CIDR block. The default CIDR block is fc00::/112, which contains 65536 IPv6 addresses. If you need to customize a Service CIDR block, you can refer to this section.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Context
                                                                                                                                                                                                              To create an IPv4/IPv6 dual-stack CCE Turbo cluster, you need to set an IPv6 Service CIDR block. The default CIDR block is fc00::/112, which contains 65,536 IPv6 addresses. If you need to customize a Service CIDR block, you can refer to this section.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              IPv6
                                                                                                                                                                                                              IPv6 address
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              An IPv6 address is 128-bit binary string, four times the length of an IPv4 address. Therefore, the decimal format of IPv4 addresses is no longer applicable. IPv6 addresses are expressed in hexadecimal format. To convert a 128-bit binary string, it is transformed into a 32-bit hexadecimal string. These hexadecimal strings are grouped into sets of four (case insensitive) and separated by a colon (:). IPv6 addresses are divided into eight groups.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              An IPv6 address is a 128-bit binary string, four times the length of an IPv4 address. Therefore, the decimal format of IPv4 addresses is no longer applicable. IPv6 addresses are expressed in hexadecimal format. To convert a 128-bit binary string, it is transformed into a 32-bit hexadecimal string. These hexadecimal strings are grouped into sets of four (case insensitive) and separated by a colon (:). IPv6 addresses are divided into eight groups.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              An IPv6 address can be omitted in the following ways:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • Omission of leading 0s: 0s can be omitted if the colon group starts with 0s. The following IPv6 addresses are the same.
                                                                                                                                                                                                                • ff01:0d28:03ee:0000:0000:0000:0000:0c23
                                                                                                                                                                                                                • ff01:d28:3ee:0000:0000:0000:0000:c23
                                                                                                                                                                                                                • ff01:d28:3ee:0:0:0:0:c23
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Omission of all-0s hextets: You can use a double colon (::) to represent a single contiguous string of all-0s segments. A double colon (::) can be used only once.
                                                                                                                                                                                                                Example:
@@ -35,14 +35,14 @@
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              IPv6 address segment
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              An IPv6 address segment is usually expressed in Classless Inter-Domain Routing (CIDR) format. It is usually represented by a slash (/) followed by a number, that is, IPv6 address/Prefix length. The function of the prefix is similar to that of the mask of the IPv4 address segment. The number of binary bits occupied by the network part represents the binary bits occupied by the network part. An IPv6 address consists of the network part and host part. The prefix specifies the number of bits occupied by the network part, and the remaining bits are the host part.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              An IPv6 address segment is usually expressed in CIDR format. It is usually represented by a slash (/) followed by a number, that is, IPv6 address/Prefix length. The function of the prefix is similar to that of the mask of the IPv4 address segment. The number of binary bits occupied by the network part represents the binary bits occupied by the network part. An IPv6 address consists of the network part and host part. The prefix specifies the number of bits occupied by the network part, and the remaining bits are the host part.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              For example, fc00:d28::/32 indicates an IPv6 address segment with a 32-bit prefix. The first 32 bits (fc00:d28 in binary mode) are the network part and the last 96 bits are available host part.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Constraints on IPv6 Service CIDR Blocks
                                                                                                                                                                                                              When setting the cluster service CIDR block, note the following constraints:
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • The IPv6 Service CIDR block must belong to the fc00::/8 CIDR block.
                                                                                                                                                                                                                The address is a unique local address (ULA). The ULA has a fixed prefix fc00::/7, including fc00::/8 and fd00::/8. The two ranges are similar to the dedicated IPv4 network addresses 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. They are equivalent to private CIDR blocks and can be used only on the local network.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • The prefix ranges from 112 to 120. You can adjust the number of addresses by adjusting the prefix value. The maximum number of addresses is 65536.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            6. The prefix ranges from 112 to 120. You can adjust the number of addresses by adjusting the prefix value. The maximum number of addresses is 65,536.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Example of an IPv6 Service CIDR Block
                                                                                                                                                                                                      According to the constraints, this section provides an example of setting an IPv6 CIDR block that contains 8192 addresses for your reference.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Example of an IPv6 Service CIDR Block
                                                                                                                                                                                                      According to the constraints, this section provides an example of setting an IPv6 CIDR block that contains 8192 IP addresses for your reference.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      1. Set the prefix length based on the number of addresses. The prefix length ranges from 112 to 120.
                                                                                                                                                                                                        In this example, 8,192 IP addresses are required, which are represented by 13-bit binary strings. An IPv6 address has a total length of 128-bit binary strings. As a result, the prefix length of the IPv6 CIDR block is 115 (128-13). This means that the first 115 bits are used to distinguish the CIDR block, while the last 13 bits indicate 8,192 host IP addresses.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The following table shows how many IP addresses are there in an IPv6 CIDR block with the prefix ranging from 112 to 120.
                                                                                                                                                                                                        
 
@@ -101,7 +101,7 @@
 
                                                                                                                                                                                                      Table 3 Default ports in the security group for worker nodes that use a tunnel network
                                                                                                                                                                                                      Direction
                                                                                                                                                                                                      
@@ -259,7 +259,7 @@
 
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      These ports must permit requests from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The ports must allow traffic from the CIDR blocks of the VPC, load balancer, and container.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      UDP port range: 30000 to 32767
                                                                                                                                                                                                      
@@ -269,9 +269,9 @@
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow SSH access to ECSs.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Allow SSH access to Linux ECSs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      N/A
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      TCP port 8445
                                                                                                                                                                                                      
@@ -433,7 +433,7 @@
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      CIDR block of master nodes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Allow master nodes to access kubelet on worker nodes, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      No
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Yes
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      These ports must permit requests from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The ports must allow traffic from the CIDR blocks of the VPC, load balancer, and container.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      UDP port range: 30000 to 32767
                                                                                                                                                                                                      
@@ -458,9 +458,9 @@
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow SSH access to ECSs.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Allow SSH access to Linux ECSs.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      N/A
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      Allow kube-apiserver of the master nodes to listen to the worker nodes.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Recommended
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The port must allow traffic from the CIDR blocks of the VPC, the control plane of the hosted service mesh, and container.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      TCP port 8445
                                                                                                                                                                                                      
@@ -686,7 +686,7 @@
 
                                                                                                                                                                                                      Allow traffic on the port for domain name resolution.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      UDP port 4789 (required only for clusters that use the tunnel networks)
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      UDP port 4789 (required only by clusters that use the tunnel networks)
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      All IP addresses
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Allow worker nodes to access the VPC Endpoint (VPCEP) service.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      UDP port123
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      UDP port 123
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      100.126.0.0/16
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    64. Set the IPv6 network address, which must belong to the fc00::/8 CIDR block.
                                                                                                                                                                                                      In this example, the prefix length is 115. Because the network address must belong to the fc00::/8 CIDR block, the first 8-bit binary digits are fixed. The network address that can be modified ranges from the ninth bit to the 115th bit. The 116th bit to the 128th bit are the host part.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If the IPv6 CIDR block is written in binary format, the following conditions are met:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If the IPv6 CIDR block is written in binary format, the following conditions must be met:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      • It must belong to fc00::/8, and the first eight bits in the binary string cannot be modified. Otherwise, the IPv6 CIDR block does not belong to fc00::/8. The CIDR block is fixed at 1111 1110, corresponding to fc in hexadecimal format.
                                                                                                                                                                                                      • The prefix length must be 115, and it must contain 8,192 IP addresses. The last 13 bits in the binary string are used to indicate the host IP address and are always 0.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      The following shows an example and the information in red cannot be modified:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Binary: 1111 1100 **** **** ... ***0 0000 0000 0000/115
diff --git a/docs/cce/umn/cce_faq_00417.html b/docs/cce/umn/cce_faq_00417.html
index 9a3f2d8c7..173ed57c7 100644
--- a/docs/cce/umn/cce_faq_00417.html
+++ b/docs/cce/umn/cce_faq_00417.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                                      How Do I Configure an Access Policy for a Cluster?
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      After the public API Server address is bound to the cluster, modify the security group rules of port 5443 on the master node to harden the access control policy of the cluster.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                                      2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                      3. Select Description as the filter criterion and paste the cluster ID to search for the target security groups.
                                                                                                                                                                                                      4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                      5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console. On the Overview page, copy the cluster ID in the Basic Info area.
                                                                                                                                                                                                        2. Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups.
                                                                                                                                                                                                        3. Select Description as the filter criterion and paste the cluster ID to search for the target security group.
                                                                                                                                                                                                        4. Locate the row that contains the security group (starting with {CCE cluster name}-cce-control) of the master node and click Manage Rules in the Operation column.
                                                                                                                                                                                                        5. On the page displayed, locate the row that contains port 5443 and click Modify in the Operation column to modify its inbound rules.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        6. Change the source IP address that can be accessed as required. For example, if the IP address used by the client to access the API Server is 100.*.*.*, you can add an inbound rule for port 5443 and set the source IP address to 100.*.*.*.
                                                                                                                                                                                                           
                                                                                                                                                                                                          In addition to the client IP address, the port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh to ensure that the API Server can be accessed from within the cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00429.html b/docs/cce/umn/cce_faq_00429.html
index 9b7b8855f..ff7d64ded 100644
--- a/docs/cce/umn/cce_faq_00429.html
+++ b/docs/cce/umn/cce_faq_00429.html
@@ -2,82 +2,82 @@
 
 
                                                                                                                                                                                                          How Do I Configure the Add-on Resource Quotas Based on Cluster Scale?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          After changing the cluster scale, adjust the add-on resource quotas based on the cluster scale to ensure that the add-on pods can run properly. For example, if you expand the cluster scale from 50 worker nodes to 200 worker nodes or more, increase the CPU and memory quotas of the add-on pods to avoid exceptions such as OOM caused by too many nodes required for scheduling the add-on pods.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Configuring Resource Quotas for coredns
                                                                                                                                                                                                          Queries per Second (QPS) of the coredns add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the coredns pod will bear heavier workloads. Adjust the number of the coredns pods and their CPU and memory quotas based on the cluster scale.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Configuring Resource Quotas for coredns
                                                                                                                                                                                                          Queries per Second (QPS) of the coredns add-on is positively correlated with the CPU consumption. If the number of nodes or containers in the cluster grows, the coredns pod will bear heavier workloads. Adjust the number of add-on pods and their CPU and memory quotas based on the cluster scale.
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                          Table 1 Recommended values for coredns
                                                                                                                                                                                                          Node
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -86,121 +86,121 @@
 
                                                                                                                                                                                                          Configuring Resource Quotas for everest
                                                                                                                                                                                                          After the cluster scale is adjusted, the everest specifications need to be modified based on the cluster scale and the number of PVCs. The requested CPU and memory can be increased based on the number of nodes and PVCs. For details, see Table 2.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          In non-typical scenarios, the formulas for estimating the limit values are as follows:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • everest-csi-controller
                                                                                                                                                                                                            • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                                                                                                                                                                                            • Memory limit = (200 Mi + Number of nodes x 1 Mi + Number of PVCs x 0.2 Mi) x 1.2
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • everest-csi-driver
                                                                                                                                                                                                            • CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes
                                                                                                                                                                                                            • Memory limit: 300 Mi for 200 or fewer nodes, 600 Mi for 1000 nodes, and 900 Mi for 2000 nodes
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • everest-csi-controller
                                                                                                                                                                                                              • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                                                                                                                                                                                              • Memory limit = (200 MiB + Number of nodes x 1 MiB + Number of PVCs x 0.2 MiB) x 1.2
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • everest-csi-driver
                                                                                                                                                                                                              • CPU limit: 300m for 200 or fewer nodes, 500m for 1000 nodes, and 800m for 2000 nodes
                                                                                                                                                                                                              • Memory limit: 300 MiB for 200 or fewer nodes, 600 MiB for 1000 nodes, and 900 MiB for 2000 nodes
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
-
                                                                                                                                                                                                          Table 1 Recommended values for coredns
                                                                                                                                                                                                          Nodes
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Recommended Configuration
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Recommended Configuration (QPS)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Pod
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Pods
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CPU Request
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Request (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CPU Limit
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Limit (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory Request
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Request (MiB)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory Limit
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Limit (MiB)
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          50
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2500 QPS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          512Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          512
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          512Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          512
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          200
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5000 QPS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1024Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1024
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1024Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1024
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          10,000 QPS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          10000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2048Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2048
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2048Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2048
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          20,000 QPS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          20000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          4
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2048Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2048
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2048Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2048
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          Table 2 Recommended configuration limits in typical scenarios
                                                                                                                                                                                                          Configuration Scenario
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -213,13 +213,13 @@
 
-
-
-
-
@@ -227,52 +227,52 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -289,111 +289,111 @@
 
 
-
                                                                                                                                                                                                          Table 2 Recommended configuration limits in typical scenarios
                                                                                                                                                                                                          Configuration Scenario
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          everest-csi-controller
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          everest-csi-controller
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          everest-csi-driver
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          everest-csi-driver
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Nodes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Nodes
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          PVs/PVCs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          PVs/PVCs
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Add-on Instances
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Add-on Pods
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          vCPUs (Limit = Requested)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Cores (Limit = Request)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory (Limit = Requested)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory (Limit = Request)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          vCPUs (Limit = Requested)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Cores (Limit = Request)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory (Limit = Requested)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory (Limit = Request)
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          50
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          50
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          250m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          250m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          300m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          300m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          300 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          300 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          200
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          200
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          250m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          250m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1 GiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          300m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          300m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          300 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          300 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          350m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          350m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2 GiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          450m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          450m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3 GiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          600 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          550m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          550m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4 GiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          800m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          800m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          900 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          900 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          10000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          10000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          650m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          650m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5 GiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5 GiB
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          800m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          800m
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          900 MiB
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          900 MiB
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          Pod
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CPU Request
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Request (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CPU Limit
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Limit (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory Request
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Request (MiB)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory Limit
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Limit (MiB)
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          200
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          1,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          2
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000m
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8000Mi
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          
-
@@ -37,7 +37,7 @@
 
                                                                                                                                                                                                          Modifying the Flavor of an ECS
                                                                                                                                                                                                           
                                                                                                                                                                                                          The flavor of the ECS to be managed must be changed to that contained in the target node pool.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. Click the name of the target ECS. On the page displayed, click Stop in the upper right corner. After the ECS is stopped, choose More > Modify Specifications in the Operation column.
                                                                                                                                                                                                          3. On the Modify ECS Specifications page, select the needed flavor and submit the application.
                                                                                                                                                                                                          4. Go back to the ECS list page and start the ECS.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. Click the name of the target ECS. On the page displayed, click Stop. After the ECS is stopped, choose More > Modify Specifications in the Operation column.
                                                                                                                                                                                                          3. On the Modify ECS Specifications page, select the needed flavor and submit the application.
                                                                                                                                                                                                          4. Go back to the ECS list page and start the ECS.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Changing Data Disk Configuration of an ECS
                                                                                                                                                                                                           
                                                                                                                                                                                                          The number, space, and type of data disks of the ECS to be managed must be the same as those of data disks in the node pool.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -49,9 +49,9 @@
 
                                                                                                                                                                                                          Data Disk Space
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                                          3. Click the Disks tab and click Expand Capacity on the right of the EVS disk to be expanded.
                                                                                                                                                                                                          4. Configure New Capacity following instructions.
                                                                                                                                                                                                          5. Click Next and submit the order following instructions.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Data Disk Type
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                                          3. Click the Disks tab and click Modify Specifications on the right of the right of the EVS disk to be expanded.
                                                                                                                                                                                                          4. Configure Disk Type following instructions.
                                                                                                                                                                                                          5. Click Submit.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. Click the name of the target ECS to access the ECS details page.
                                                                                                                                                                                                          3. Click the Disks tab and click Modify Specifications on the right of the EVS disk to be expanded.
                                                                                                                                                                                                          4. Configure Disk Type following instructions.
                                                                                                                                                                                                          5. Click Submit.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Change the ECS Group of an ECS
                                                                                                                                                                                                           
                                                                                                                                                                                                          The ECS group of the ECS to be managed must be the same as that of the target node pool.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Changing the ECS Group of an ECS
                                                                                                                                                                                                           
                                                                                                                                                                                                          The ECS group of the ECS to be managed must be the same as that of the target node pool.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1. Log in to the ECS console.
                                                                                                                                                                                                          2. In the navigation pane, choose Elastic Cloud Server > ECS Group.
                                                                                                                                                                                                          3. Locate the row containing the target ECS group and click Add ECS in the Operation column.
                                                                                                                                                                                                          4. In the dialog box displayed, select the ECS to be added.
                                                                                                                                                                                                          5. Click OK to add the ECS to the ECS group.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00445.html b/docs/cce/umn/cce_faq_00445.html
new file mode 100644
index 000000000..d333d249a
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00445.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                                                          What Are the Impacts of Changing the Flavor of a Node in a CCE Node Pool?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Context
                                                                                                                                                                                                          After you change the flavor of a node in a CCE node pool on the ECS console and then synchronize the ECS status on the CCE console, the node flavor no longer matches the configurations in the node pool.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Impact
                                                                                                                                                                                                          When you change the node flavor, it also changes the node parameters such as CPU, memory, and ENI quota (available IP addresses). This can cause the auto scaling settings of the node pool where the node is located to not function as expected.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Assume that the CPU and memory of a node are increased from 2 vCPUs and 4 GiB of memory to 4 vCPUs and 8 GiB of memory.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • During node pool scale-out, the total number of resources in the node pool may exceed the upper limit of the CPU or memory. Expanding a node pool involves calculating resources based on the node template. However, changing the node flavor on the ECS console can cause inconsistencies with the configurations in the node pool, resulting in inaccurate CPU and memory usage for the cluster.
                                                                                                                                                                                                          • During node pool scale-in, too many CPU or memory resources may be scaled down. If the node with changed flavor is removed, the actual number of CPUs or memory to be scaled down (4 vCPUs and 8 GiB of memory) may be greater than the expected 2 vCPUs and 4 GiB of memory.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          You are not advised to change the flavor of a node in a node pool. Instead, you can update the node pool and add nodes of other flavors to it. The original node will be removed after services are scheduled to the new nodes.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Nodes.
                                                                                                                                                                                                          2. Locate the row containing the target node pool and click Update.
                                                                                                                                                                                                          3. In the Specifications area, select new flavors, click Next: Confirm, and submit the request.
                                                                                                                                                                                                          4. After the node pool configurations are updated, locate the row containing the target node pool and click Scaling.
                                                                                                                                                                                                          5. In the window that slides out from the right, select the node flavors to be expanded, configure the number of nodes to be added, and click OK.
                                                                                                                                                                                                          6. Click the Nodes tab, locate the row containing the target node, and choose More > Nodal Drainage to safely evict the service pods on the node.
                                                                                                                                                                                                          7. After the service pods are scheduled to a new node, locate the row containing the target node pool, click Scaling, select the flavor of the node to be reduced, configure the number of nodes to be removed, and click OK.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Specification Change
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00446.html b/docs/cce/umn/cce_faq_00446.html
new file mode 100644
index 000000000..36b9f552b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00446.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                                                          How Can I Check Whether an ENI Is Used by a Cluster?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Scenarios
                                                                                                                                                                                                          Pod subnets can be deleted from CCE Turbo clusters of v1.23.17-r0, v1.25.12-r0, v1.27.9-r0, v1.28.7-r0, v1.29.3-r0, or later versions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Deleting a pod subnet from a cluster can be risky. It is important to ensure that none of the ENIs currently in use by the cluster belong to the subnet, including those being used by pods and pre-bound to pods.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                          3. In the Container Network area, copy the network ID of the subnet. (The default-network is used as an example.)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          4. Log in to the VPC console. In the navigation pane, choose Virtual Private Cloud > Subnets. In the right pane, obtain the target subnet based on the network ID.
                                                                                                                                                                                                          5. Click the subnet name to access the details page. Click the Summary tab, locate the Resources area, click the number next to Network Interfaces, and view the network interfaces associated with the subnet.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          6. Check the names or descriptions of the network interfaces. If the name or description of a network interface contains the ID of the cluster, it indicates that the network interface is used by the cluster. You can obtain the cluster ID on the Overview page of the CCE console.
                                                                                                                                                                                                            To delete the subnet ENIs used in the cluster, submit a service ticket.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Network Configuration
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00447.html b/docs/cce/umn/cce_faq_00447.html
new file mode 100644
index 000000000..58c31296a
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00447.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                          How Can I Delete a Security Group Rule Associated with a Deleted Subnet?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Scenarios
                                                                                                                                                                                                          Pod subnets can be deleted from CCE Turbo clusters of v1.23.17-r0, v1.25.12-r0, v1.28.7-r0, or later versions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When you delete a subnet, CCE does not automatically remove the security group rules associated with the subnet in the default node security group created by CCE. You must manually delete these rules.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                          2. In the navigation pane, choose Settings and click the Network tab.
                                                                                                                                                                                                          3. In the Container Network area, copy the IPv4 CIDR block of the subnet. (The default-network is used as an example.)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          4. In the navigation pane, choose Overview. In the Networking Configuration area, click the name of the default node security group.
                                                                                                                                                                                                          5. On the page displayed, click the Inbound Rules tab, locate the row containing the subnet CIDR block based on the source IP address, and find the corresponding security group rule.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          6. Click Delete in the Operation column.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Network Configuration
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00460.html b/docs/cce/umn/cce_faq_00460.html
new file mode 100644
index 000000000..4996d035b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00460.html
@@ -0,0 +1,77 @@
+
+
+
                                                                                                                                                                                                          How Can I Determine Which Ingress the Listener Settings Have Been Applied To?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          With CCE, you can associate multiple ingresses with a single load balancer listener and establish various forwarding policies. Listener configuration parameters are stored in annotations, which means that a listener can have different configuration parameters on different ingresses. This section describes how to determine which ingress the listener settings are applied to. It covers:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Obtaining the first ingress
                                                                                                                                                                                                          • Configuring and updating a listener certificate
                                                                                                                                                                                                          • Impacts of deleting the first ingress on listener settings and configuration synchronization
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Obtaining the First Ingress
                                                                                                                                                                                                          Listener parameters can be configured for all ingresses associated with the same listener, so CCE uses the listener annotation configurations (excluding SNI certificates) from the earliest created ingress (the first ingress). The first ingress is determined by sorting the metadata.createTimestamp fields of the ingresses in ascending order.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • The first ingress information is written into annotations in clusters of v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, v1.29.1-r0, and later. You can check kubernetes.io/elb.listener-master-ingress in the annotations of the existing ingresses.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • To get the first ingress in clusters earlier than v1.21.15-r0, v1.23.14-r0, v1.25.9-r0, v1.27.6-r0, v1.28.4-r0, and v1.29.1-r0, use the kubectl command to obtain the ingresses associated with the same load balancer listener, sort these ingresses in ascending order, based on their creation time, and check the first one.
                                                                                                                                                                                                            The query command is as follows: (Replace the load balancer ID and port number as needed.)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            elb_id=${1}
+elb_port=${2}
+kubectl get ingress --all-namespaces --sort-by='.metadata.creationTimestamp' -o=custom-columns=Name:'metadata.name',Namespace:'metadata.namespace',elbID:'metadata.annotations.kubernetes\.io\/elb\.id',elbPort:'metadata.annotations.kubernetes\.io\/elb\.port',elbPorts:'metadata.annotations.kubernetes\.io\/elb\.listen-ports' | awk 'NR==1 {print; next} {if ($5 != "<none>") $4 = "<none>"; print}' | grep -E "^Name|${elb_id}" | grep -E "^Name|${elb_port}" | awk '{printf "%-30s %-30s %-38s %-10s %-10s\n", $1, $2, $3, $4, $5}'
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            In the command output, the first column specifies the ingress names, the second specifies the namespaces, the third specifies the load balancer IDs, the fourth specifies the listener ports, and the fifth specifies the ports of multiple listeners. (If multiple listener port numbers are configured, they will replace the listener port numbers and become effective.)
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Name             Namespace   elbID                                  elbPort   elbPorts
+ingress-first    default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-second   default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Configuring and Updating a Listener Certificate
                                                                                                                                                                                                          You can configure an ingress certificate in a cluster using either of the following methods:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Use a TLS certificate, keep it as a secret, and manage it on CCE. TLS certificates are configured using the spec.tls fields in ingresses. They will be automatically created, updated, or deleted via the ELB console.
                                                                                                                                                                                                          • Use a certificate created in the ELB service. The certificate content is maintained on the ELB console. Such certificates are configured in the annotation fields in ingresses.
                                                                                                                                                                                                            ELB server certificates are also maintained on the ELB console, so you do not need to import the certificate content to CCE secrets. This allows for unified cross-namespace configuration. It is recommended that you use ELB server certificates to configure the certificates for ingresses.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            ELB server certificates are supported in clusters of versions v1.19.16-r2, v1.21.5-r0, and v1.23.3-r0.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To update the listener server certificate created by an ingress using a TLS certificate, follow these steps:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Check the command in Obtaining the First Ingress and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                            Name             Namespace   elbID                                  elbPort   elbPorts
+ingress-first    default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-second   default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Obtain the certificate configuration in the first ingress.
                                                                                                                                                                                                            apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-first
+  namespace: default
+  ...
+spec:
+  tls:
+    - secretName: default-ns-secret-1
+    - hosts:
+        - 'example.com'
+      secretName: default-ns-secret-2
+...
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Update the configurations of default-ns-secrert-1 and default-ns-secret-2 in the first ingress.
                                                                                                                                                                                                          4. After the key is updated, log in to the network console. In the navigation pane, choose Elastic Load Balance > Certificates. In the right pane, check whether the server certificate has been updated based on the update time.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To update the listener server certificate created by an ingress using an ELB certificate, follow these steps:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. On the ELB console, obtain the ID of the server certificate used by the load balancer listener.
                                                                                                                                                                                                            1. Log in to the network console. In the navigation pane, choose Elastic Load Balance > Load Balancers. In the right pane, click the name of the target load balancer.
                                                                                                                                                                                                            2. Click the Listeners tab and click the name of the target listener to go to the details page.
                                                                                                                                                                                                            3. On the Summary tab, obtain the server certificate ID.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. In the navigation pane, choose Elastic Load Balance > Certificates, search for the certificate based on the obtained server certificate ID, locate the row containing the target certificate, and click Modify in the Operation column.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Impacts of Deleting the First Ingress on Listener Settings
                                                                                                                                                                                                          Listener settings only apply to the first ingress configuration (excluding SNI certificates). If the first ingress is deleted, the earliest created ingress in use becomes the new first ingress, and the listener settings will be updated accordingly. This means that if the listener settings of the old and new first ingresses are different, there may be unexpected updates on the ELB console. To avoid this, check if the listener configuration of the ingress that will become the new first ingress is the same as the one for the original first ingress, or otherwise meets your expectations.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • You can synchronize the listener settings on the console. The procedure is as follows:
                                                                                                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                                            2. In the navigation pane, choose Services, click the Ingresses tab, and choose More > Update in the Operation column.
                                                                                                                                                                                                            3. Click Synchronize to automatically synchronize the server certificate. This option is available when the listener settings of the ingress are inconsistent with those of the load balancer.
                                                                                                                                                                                                               
                                                                                                                                                                                                              If you synchronize a server certificate and an SNI certificate, and the current ingress is using a TLS key, the certificate will be replaced with an ELB server certificate. If the cluster version is earlier than v1.19.16-r2, v1.21.5-r0, v1.23.3-r0 and does not support ELB server certificates, you need to manually synchronize the configurations using YAML.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            4. Click OK to apply the modification.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • You can manually synchronize the listener settings using YAML. The procedure is as follows:
                                                                                                                                                                                                            1. Check the command in Obtaining the First Ingress and obtain all ingresses associated with the same listener.
                                                                                                                                                                                                              Name             Namespace   elbID                                  elbPort   elbPorts
+ingress-first    default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-second   default     be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
+ingress-third    test        be56202a-c2cb-40d5-900e-d7a007a4b054   443       <none>
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Before deleting some ingresses such as ingress-first and ingress-second, synchronize the listener settings of ingress-first to the annotations of ingress-third.
                                                                                                                                                                                                              If the listener server certificate was created using a TLS key, you need to synchronize the configurations saved in the ingress' spec.tls to ingress-third.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-first
+  namespace: default
+  ...
+spec:
+  tls:
+    - secretName: default-ns-secret-1
+    - hosts:
+        - 'example.com'
+      secretName: default-ns-secret-2
+...
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Network Configuration
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_productdesc_0000.html b/docs/cce/umn/cce_productdesc_0000.html
index c8f0af6e9..429d62bac 100644
--- a/docs/cce/umn/cce_productdesc_0000.html
+++ b/docs/cce/umn/cce_productdesc_0000.html
@@ -9,17 +9,17 @@
 
                                                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_productdesc_0001.html b/docs/cce/umn/cce_productdesc_0001.html
index 94fb4f835..5d07494f7 100644
--- a/docs/cce/umn/cce_productdesc_0001.html
+++ b/docs/cce/umn/cce_productdesc_0001.html
@@ -1,77 +1,77 @@
 
 
 
                                                                                                                                                                                                          What Is CCE?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Cloud Container Engine (CCE) is a hosted Kubernetes cluster service for enterprises. It offers complete lifecycle management for containerized applications and delivers scalable, high-performance solutions for deploying and managing cloud native applications.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Why CCE?
                                                                                                                                                                                                          CCE is a one-stop platform integrating compute (ECS), networking (VPC, EIP, and ELB), storage (EVS, OBS, and SFS), and many other services. Multi-AZ, multi-region disaster recovery ensures high availability of Kubernetes clusters.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Cloud Container Engine (CCE) is a Kubernetes cluster hosting service for enterprises. It manages the enter lifecycle of containerized applications and delivers scalable, high-performance solutions for deploying and managing cloud native applications.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Why CCE?
                                                                                                                                                                                                          CCE is a one-stop platform integrating compute (ECS), networking (VPC, EIP, and ELB), storage (EVS, OBS, and SFS), and many other services. Multi-AZ, multi-region disaster recovery (DR) ensures high availability (HA) of Kubernetes clusters.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          For more information, see Product Advantages and Application Scenarios.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE Cluster Types
                                                                                                                                                                                                          There are multiple CCE products.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE Cluster Types
                                                                                                                                                                                                          There are multiple types of CCE clusters.
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                          Table 4 Recommended values for volcano-controller and volcano-scheduler
                                                                                                                                                                                                          Nodes/Pods in a Cluster
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                          Table 4 Recommended requested resources and resource limits for volcano-controller and volcano-scheduler
                                                                                                                                                                                                          Nodes/Pods in a Cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Requested vCPUs (m)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Request (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          vCPU Limit (m)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CPU Limit (m)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Requested Memory (MiB)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Request (MiB)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Memory Limit (MiB)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Memory Limit (MiB)
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          50/5000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          50/5000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          100/10,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          100/10000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          200/20,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          200/20000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          1500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          300/30,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          300/30000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          400/40,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          400/40000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          2500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          500/50,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          500/50000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          6500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          6500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          600/60,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          600/60000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          3500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          6500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          6500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          7500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          7500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          700/70,000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          700/70000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4000
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          7500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          7500
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          8500
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          8500
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Configuring Resource Quotas for Other Add-ons
                                                                                                                                                                                                          Resource quotas of other add-ons may also be insufficient due to cluster scale expansion. If, for example, the CPU or memory usage of the add-on pods increases and even OOM occurs, modify the resource quotas as required.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          For example, the resources occupied by the kube-prometheus-stack add-ons are related to the number of pods in the cluster. If the cluster scale is expanded, the number of pods may also grow. In this case, increase the resource quotas of the prometheus pods.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For example, the resources occupied by the kube-prometheus-stack add-on are related to the number of pods in the cluster. If the cluster scale is expanded, the number of pods may also grow. In this case, increase the resource quotas of the prometheus pods.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00432.html b/docs/cce/umn/cce_faq_00432.html
index c632c5172..dc2009696 100644
--- a/docs/cce/umn/cce_faq_00432.html
+++ b/docs/cce/umn/cce_faq_00432.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                          What Should I Do If a Node Pool Scale-Out Fails?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          Locate the fault based on the event of the failure to scale out a node pool, as shown in Table 1.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          Locate the fault based on the events of the failure to scale out a node pool, as shown in Table 1.
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          
@@ -27,6 +27,15 @@
 
+
+
+
+
                                                                                                                                                                                                          Table 1 Node pool scale-out failure
                                                                                                                                                                                                          Event
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Invalid KMS Key ID
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Security group [*****] not found
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This issue can arise in the following scenarios:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A custom security group is set up for the node pool but gets deleted, so the node pool scale-out fails.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          No custom security group is configured for the node pool and the default security group is deleted, so the node pool scale-out fails.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The Security Group Specified by the Node Pool Deleted
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -45,6 +54,13 @@
 
                                                                                                                                                                                                          Solution:
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • If the scale-out fails due to the first cause, ensure that the entered key ID exists.
                                                                                                                                                                                                          • If the scale-out fails due to second cause, use the ID of the shared key that has been authorized to you.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The Security Group Specified by the Node Pool Deleted
                                                                                                                                                                                                          When a node pool fails to be expanded, the event contains the following information:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Security group [*****] not found
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This issue can arise in the following scenarios:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Scenarios 1: A custom security group is set up for the node pool but gets deleted, so the node pool scale-out fails.
                                                                                                                                                                                                          • Scenarios 2: No custom security group is configured for the node pool and the default security group is deleted, so the node pool scale-out fails.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Scenario 1: Update the security group specified by the customSecurityGroups field by calling the API for updating a node pool. 
                                                                                                                                                                                                          • Scenario 2: Log in to the CCE console and change the default node security group  on the Settings page of the cluster. The new node security group must meet the communication rules of the cluster ports. For details, see How Can I Configure a Security Group Rule in a Cluster?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00443.html b/docs/cce/umn/cce_faq_00443.html
index 65e77960e..2bb6580a6 100644
--- a/docs/cce/umn/cce_faq_00443.html
+++ b/docs/cce/umn/cce_faq_00443.html
@@ -29,7 +29,7 @@
 
 
                                                                                                                                                                                                          Change the ECS group of the ECS to be the same as that of the node pool.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Change the ECS Group of an ECS
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Changing the ECS Group of an ECS
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
 
 
                                                                                                                                                                                                          Category
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_productdesc_0002.html b/docs/cce/umn/cce_productdesc_0002.html
index 15ac2d473..aed3e1e90 100644
--- a/docs/cce/umn/cce_productdesc_0002.html
+++ b/docs/cce/umn/cce_productdesc_0002.html
@@ -1,26 +1,26 @@
 
                                                                                                                                                                                                          Permissions
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of IAM and RBAC to provide a variety of authorization methods, including IAM fine-grained/token authorization and cluster-/namespace-scoped authorization.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE permissions are described as follows:
                                                                                                                                                                                                          • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. On IAM, you can configure system policies to describe which IAM user groups can perform which operations on cluster resources. For example, you can grant user group A to create and delete cluster X, add a node, or install an add-on, while granting user group B to view information about cluster X.
                                                                                                                                                                                                            Cluster-level permissions involve CCE non-Kubernetes APIs and support fine-grained IAM policies.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            CCE permissions management allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of IAM and RBAC to provide a variety of authorization methods, including IAM fine-grained/token authorization and cluster-/namespace-scoped authorization.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            CCE permissions are described as follows:
                                                                                                                                                                                                            • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. A user group is simply a group of users. By granting cluster permissions to specific user groups, you can enable those users to perform various operations on clusters, including creating or deleting clusters, nodes, node pools, charts, and add-ons. In the meantime, you can restrict other user groups to only view clusters.
                                                                                                                                                                                                              Cluster-level permissions involve non-Kubernetes native APIs and support fine-grained IAM policies.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • Namespace-level permissions: You can regulate users' or user groups' access to Kubernetes resources, such as workloads, jobs, and Services, in a single namespace based on their Kubernetes RBAC roles. CCE has also been enhanced based on open-source capabilities. It supports RBAC authorization based on IAM user or user group, and RBAC authentication on access to APIs using IAM tokens.
                                                                                                                                                                                                              Namespace-level permissions involve CCE Kubernetes APIs and are enhanced based on the Kubernetes RBAC capabilities. Namespace-level permissions can be granted to IAM users or user groups for authentication and authorization, but are independent of fine-grained IAM policies. For details, see Using RBAC Authorization.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                             
                                                                                                                                                                                                            • Cluster-level permissions are configured only for cluster-related resources (such as clusters and nodes). You must also configure namespace permissions to operate Kubernetes resources (such as workloads, jobs, and Services).
                                                                                                                                                                                                            • After you create a cluster, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources in all namespaces in the cluster.
                                                                                                                                                                                                            • When viewing CCE resources on the console, the resources displayed depend on the namespace permissions. If no namespace permissions are granted, the console will not show you the resources.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                            By default, new IAM users do not have permissions assigned. Add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            CCE is a project-level service deployed and accessed in specific physical regions. To assign CCE permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CCE, the users need to switch to a region where they have been authorized to use the CCE service.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                            New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. The IAM users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            CCE is a project-level service deployed for specific regions. To assign CCE permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CCE, the users need to switch to the authorized region.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            You can grant users permissions by using roles and policies.
                                                                                                                                                                                                            • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to assign permissions, assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
                                                                                                                                                                                                            • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can assign users only the permissions for managing a certain type of clusters and nodes. 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Table 1 lists all the system permissions supported by CCE.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Table 1 lists all the system-defined permissions for CCE.
                                                                                                                                                                                                            
 
-
                                                                                                                                                                                                          Category
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Subcategory
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Subcategory
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CCE Standard
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE Standard
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CCE Turbo
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE Turbo
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Positioning
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Positioning
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          -
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          -
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Standard clusters that provide highly reliable and secure containers for commercial use
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Next-generation clusters designed for Cloud Native 2.0, with accelerated compute, networking, and scheduling
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Application scenario
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Application scenario
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          -
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          -
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          For users who expect to use container clusters to manage applications, obtain elastic computing resources, and enable simplified management on computing, network, and storage resources
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For users who expect to use container clusters to manage applications, obtain elastic compute resources, and enable simplified management on compute, network, and storage resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          For users who have higher requirements on performance, resource utilization, and full-scenario coverage
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Specification difference
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Specification difference
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Network model
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Network model
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Cloud-native network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Cloud native 1.0 networks: for scenarios where requirements on performance are not high and there are not so many containers
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Tunnel network
                                                                                                                                                                                                          • Virtual Private Cloud (VPC) network
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Cloud Native 2.0 networks: for scenarios where requirements on performance are high and there are many containers
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Max networking scale: 2,000 nodes
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Network performance
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Network performance
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The container network is overlaid with the VPC network, causing certain performance loss.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The VPC network and container network are flattened into one for zero performance loss.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Network isolation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Network isolation
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                                                                                          • VPC network model: supports no isolation.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Tunnel network model: network policies supported for communications within a cluster
                                                                                                                                                                                                          • VPC network model: isolation not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Pods can be associated with security groups for isolation. This isolation policy, based on security groups, ensures consistent security isolation both within and outside of a cluster.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Security isolation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Security isolation
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Runs common containers, isolated by cgroups.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          cgroups are used to isolate common containers.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          • Physical machine: runs secure containers, allowing VM-level isolation.
                                                                                                                                                                                                          • Runs common containers, isolated by cgroups.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • VM-level isolation is supported for secure containers that run only on physical machines.
                                                                                                                                                                                                          • cgroups are used to isolate common containers.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Edge infrastructure management
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Edge infrastructure management
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Supports management of CloudPond edge sites.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Management of CloudPond edge sites
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
 
                                                                                                                                                                                                          Table 1 System permissions supported by CCE
                                                                                                                                                                                                          Role/Policy Name
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
-
@@ -59,7 +59,7 @@
 
                                                                                                                                                                                                          Table 1 System-defined permissions for CCE
                                                                                                                                                                                                          Role/Policy Name
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Description
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Type
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Dependency
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Dependencies
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                          Table 2 Common operations supported by CCE system policies
                                                                                                                                                                                                          Operation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
@@ -71,339 +71,339 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -414,10 +414,10 @@
 
                                                                                                                                                                                                          • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                                                                                                                                                                                          • RoleBinding: defines the relationship between users and roles.
                                                                                                                                                                                                          • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                                                                                                                                                                                          • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                                                                                                                                                                                          Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. See the following figure.
                                                                                                                                                                                                          Figure 1 Role binding
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                                          • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                                                                                                                          • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                                          • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                                          • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                                          • drainage-editor: drain a node.
                                                                                                                                                                                                          • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                                                                                                                          • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                                                                                                                          • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                                                                                                                          • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                                                                                                                          • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                                                                                                                          • drainage-editor: drain a node.
                                                                                                                                                                                                          • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant the permissions to add, delete, modify, and obtain global resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) in namespaces for refined permission control.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In addition to the preceding typical ClusterRoles, you can define Role and RoleBinding to grant permissions to add, delete, modify, and obtain resources (such as nodes, PVs, and CustomResourceDefinitions) and different resources (such as pods, Deployments, and Services) within specific namespaces. This allows for more precise permission control.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_productdesc_0003.html b/docs/cce/umn/cce_productdesc_0003.html
index f8d7185aa..90dd65f91 100644
--- a/docs/cce/umn/cce_productdesc_0003.html
+++ b/docs/cce/umn/cce_productdesc_0003.html
@@ -3,21 +3,22 @@
 
                                                                                                                                                                                                          Product Advantages
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Why CCE?
                                                                                                                                                                                                          CCE is a container service developed on Docker and Kubernetes. It offers a wide range of features that allow you to run containers on a large scale. CCE containers are highly reliable, have high-performance, and compatible with open-source communities, making them an ideal choice for enterprise needs.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Easy to Use
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • Creating a Kubernetes cluster is as easy as a few clicks on the web user interface (WebUI). The Kubernetes cluster supports management of VM nodes and applies to the scenario where VMs and physical machines are used together.
                                                                                                                                                                                                          • CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                          • You can resize clusters and workloads by setting auto scaling policies. In-the-moment load spikes are no longer headaches.
                                                                                                                                                                                                          • The console walks you through the steps to upgrade Kubernetes clusters.
                                                                                                                                                                                                          • CCE supports turnkey Helm charts.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Creating CCE clusters (CCE standard, CCE Turbo, and CCE Autopilot) is a breeze with just a few clicks on the web page. You can deploy VMs in a cluster.
                                                                                                                                                                                                          • CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                          • You can resize clusters and workloads by setting auto scaling policies. In-the-moment load spikes are no longer headaches.
                                                                                                                                                                                                          • The console walks you through the steps to upgrade Kubernetes clusters.
                                                                                                                                                                                                          • CCE seamlessly integrates with Helm charts and add-ons to provide an out-of-the-box user experience.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          High Performance
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • CCE draws on years of field experience in compute, networking, storage, and heterogeneous infrastructure and provides you high-performance cluster services. You can concurrently launch containers at scale.
                                                                                                                                                                                                          • AI computing is 3x to 5x better with NUMA bare metal servers and high-speed InfiniBand network cards.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • CCE draws on years of field experience in compute, networking, storage, and heterogeneous infrastructure and provides you high-performance cluster services. You can concurrently launch containers at scale.
                                                                                                                                                                                                          • AI computing is 3x to 5x better with NUMA BMSs and high-speed InfiniBand network cards.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Highly Available and Secure
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • HA: Three master nodes in different AZs for your cluster control plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                                            Figure 1 High-availability setup of clusters
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • Secure: Integrating IAM and Kubernetes RBAC, CCE clusters are under your full control. You can set different RBAC permissions for IAM users on the console.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • HA: Three master nodes in different AZs for your cluster control plane. Multi-active DR for your nodes and workloads. All these ensure service continuity when one of the nodes is down or an AZ gets hit by natural disasters.
                                                                                                                                                                                                            Figure 1 Achieving cluster HA
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Secure: Integrating IAM and Kubernetes RBAC, CCE clusters are under your full control. You can set different RBAC permissions for IAM users on the console.
                                                                                                                                                                                                            CCE offers secure containers so that each pod runs on a separate micro-VM, has its own OS kernel, and is securely isolated at the virtualization layer.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Open and Compatible
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • CCE runs on Docker that automates container deployment, discovery, scheduling, and scaling.
                                                                                                                                                                                                          • CCE is compatible with native Kubernetes APIs and kubectl. Updates from Kubernetes and Docker communities are regularly incorporated into CCE.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • CCE uses Docker to simplify the management of containerized applications by providing features such as deployment, resource scheduling, networking, and auto scaling.
                                                                                                                                                                                                          • CCE is compatible with native Kubernetes APIs and kubectl. Updates from Kubernetes and Docker communities are regularly incorporated into CCE.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Comparative Analysis of CCE and On-Premises Kubernetes Cluster Management Systems
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Table 2 Common operations supported by system-defined permissions
                                                                                                                                                                                                          Operation
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          CCE ReadOnlyAccess
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Creating a cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Deleting a cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Updating a cluster, for example, updating cluster node scheduling parameters and providing RBAC support to clusters
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Upgrading a cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Waking up a cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Hibernating a cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all clusters
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Querying cluster details
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Adding a node
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Deleting one or more nodes
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Updating a cluster node, for example, updating the node name
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Updating a node. For example, changing the node name.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Querying node details
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all nodes
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all jobs
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Deleting one or more cluster jobs
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Querying job details
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Creating a storage volume
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Deleting a storage volume
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing operations on all Kubernetes resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √ (Kubernetes RBAC required)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported (Kubernetes RBAC required)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √ (Kubernetes RBAC required)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported (Kubernetes RBAC required)
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing all CIA resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing operations on all CIA resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing all operations on ECSs
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing all operations on EVS disks
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          EVS disks can be attached to cloud servers and scaled to a higher capacity whenever needed.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing all operations on VPC
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          A cluster must run in a VPC. When creating a namespace, create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details of all resources on an ECS
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          In CCE, a node is an ECS with multiple EVS disks.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all resources on an ECS
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details about all EVS disk resources EVS disks can be attached to cloud servers and scaled to a higher capacity whenever needed.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all EVS resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details about all VPC resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          A cluster must run in a VPC. When creating a namespace, create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all VPC resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details about all ELB resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all ELB resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          x
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Not supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details about all SFS resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Listing all SFS resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Viewing details about all AOM resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Listing AOM resources
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Listing all AOM resources
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Performing all operations on AOM auto scaling rules
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          √
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Supported
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
 
 
 
                                                                                                                                                                                                          
-
@@ -25,7 +26,7 @@
 
-
-
-
-
-
-
                                                                                                                                                                                                          Table 1 CCE clusters versus on-premises Kubernetes clusters
                                                                                                                                                                                                          Area of Focus
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          On-Premises Kubernetes Cluster
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CCE
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE Cluster
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          You have to handle all the complexity in deploying and managing Kubernetes clusters. Cluster upgrades are often a heavy burden to O&M personnel.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Easy to manage and use clusters
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Easy to manage and use clusters
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          You can create and update a Kubernetes container cluster in a few clicks. There is no need to set up Docker or Kubernetes environments. CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          CCE supports turnkey Helm charts.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Using CCE is as simple as choosing a cluster and the workloads that you want to run in the cluster. CCE takes care of cluster management and you focus on app development.
                                                                                                                                                                                                          
@@ -35,8 +36,8 @@
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          You have to assess service loads and cluster health before resizing a Kubernetes cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Flexible cluster and workload scaling
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE can automatically resize clusters and workloads as resource usage changes. Combined use of auto scaling policies can flexibly scale clusters and workloads to meet fluctuating demands.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Managed scaling service
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE auto scales clusters and workloads according to resource metrics and scaling policies.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Reliability
                                                                                                                                                                                                          
@@ -44,7 +45,7 @@
 
                                                                                                                                                                                                          There might be security vulnerabilities or configuration errors may occur in the OS of an on-premises Kubernetes cluster, which may cause security issues such as unauthorized access and data leakage.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Enterprise-class security and reliability
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE provides various container-optimized OS images with additional stability tests and security hardening based on native Kubernetes clusters and runtime versions, reducing management costs and risks and improving the reliability and security of applications.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE offers container-optimized OS images that have undergone additional stability tests and security hardening. These images are based on native Kubernetes clusters and runtime versions, resulting in reduced management costs and risks, as well as improved reliability and security for applications.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Efficiency
                                                                                                                                                                                                          
@@ -55,22 +56,14 @@
 
                                                                                                                                                                                                          CCE connects to SWR to pull images in parallel. Faster pulls, faster container build.
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          Cost
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Heavy upfront investment in installing, managing, and scaling cluster management infrastructure.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Cost effective
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          You only pay for master nodes and the resources used to run and manage applications.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
                                                                                                                                                                                                           
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                          Why Containers?
                                                                                                                                                                                                          Docker is written in the Go language designed by Google. It provides operating-system-level virtualization. Linux Control Groups (cgroups), namespaces, and UnionFS (for example, AUFS) isolate each software process. A Docker container packages everything needed to run a software process. Containers are independent from each other and from the host.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Why Containerization?
                                                                                                                                                                                                          Docker is written in the Go language designed by Google. It provides operating-system-level virtualization. Linux Control Groups (cgroups), namespaces, and UnionFS (for example, AUFS) isolate each software process. The isolated software processes, which are called containers, are independent from each other and from the host.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Docker has moved forward to enhance container isolation. Containers have their own file systems. They cannot see each other's processes or network interfaces. This simplifies container creation and management.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          VMs use a hypervisor to virtualize and allocate hardware resources (such as memory, CPU, network, and disk) of a host machine. A complete operating system runs on a VM. Each VM needs to run its own system processes. On the contrary, a container does not require hardware resource virtualization. It runs an application process directly in the host machine OS kernel. No resource overheads are incurred by running system processes. Therefore, Docker is lighter and faster than VMs.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 2 Comparison between Docker containers and VMs
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          To sum up, Docker containers have many advantages over VMs.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Resource use
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Containers have no overheads for virtualizing hardware and running a complete OS. They are faster than VMs in execution and file storage, while having no memory loss.
                                                                                                                                                                                                          
@@ -85,7 +78,7 @@
 
                                                                                                                                                                                                          Portability
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Docker ensures environmental consistency across development, testing, and production. Portable Docker containers work the same, regardless of their running environments. Physical machines, VMs, or even laptops, you name it. Apps are now free to migrate and run anywhere.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Application update
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Docker images consist of layers. Each layer is only stored once and different images can contain the exact same layers. When transferring such images, those same layers get transferred only once. This makes distribution efficient. Updating a containerized application is also simple. Either edit the top-most writable layer in the final image or add layers to the base image. Docker joins hands with many open source projects to maintain a variety of high-quality official images. You can directly use them in the production environment or easily build new images based on them.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A Docker image is built up from a series of layers and these layers are stacked. When you create a new container, you add a container layer on top of image layers. In this way, duplicate layers are reused, which simplify application maintenance and update as well as further image extension on base images. Docker joins hands with many open source projects to maintain a variety of high-quality official images. You can directly use them in the production environment or easily build new images based on them.
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_productdesc_0005.html b/docs/cce/umn/cce_productdesc_0005.html
index 071790631..30de9b8ed 100644
--- a/docs/cce/umn/cce_productdesc_0005.html
+++ b/docs/cce/umn/cce_productdesc_0005.html
@@ -5,7 +5,7 @@
 
                                                                                                                                                                                                          Clusters and Nodes
                                                                                                                                                                                                          • After a cluster is created, the following items cannot be changed:
                                                                                                                                                                                                            • Number of master nodes: For example, a non-HA cluster (with one master node) cannot be changed to an HA cluster (with three master nodes).
                                                                                                                                                                                                            • AZ where a master node is deployed
                                                                                                                                                                                                            • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings
                                                                                                                                                                                                            • Network model: For example, a container tunnel network cannot be changed to a VPC network.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          • CCE underlying resources such as ECS nodes are limited by quota and their inventory. It is possible that only some nodes are created during cluster creation, cluster scaling, or auto scaling.
                                                                                                                                                                                                          • ECS node specifications: CPU ≥ 2 cores, memory ≥ 4 GiB
                                                                                                                                                                                                          • To access a CCE cluster through a VPN, ensure that the VPN CIDR block does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                                          • Ubuntu 22.04 does not support the tunnel network model.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Networks
                                                                                                                                                                                                          • By default, a NodePort Service is accessed within a VPC. To access a NodePort Service through the Internet, bind an EIP to the node in the cluster beforehand.
                                                                                                                                                                                                          • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                                            • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                                            • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Networks
                                                                                                                                                                                                            • By default, a NodePort Service is accessed within a VPC. To access a NodePort Service through the Internet, bind an EIP to the node in the cluster beforehand.
                                                                                                                                                                                                            • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                                              • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                                              • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • Constraints on network policies:
                                                                                                                                                                                                              • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                                                                                                                                                                                • Ingress: All versions support this type.
                                                                                                                                                                                                                • Egress: Only the following OSs and cluster versions support egress rules.
 
                                                                                                                                                                                                          Table 2 Containers versus traditional VMs
                                                                                                                                                                                                          Feature
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
@@ -22,35 +22,33 @@
 
-
                                                                                                                                                                                                          OS
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          4.18.0-147.5.1.6.h998.eulerosv2r9.x86_64
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          4.18.0-147.5.1.6.h1305.eulerosv2r9.x86_64
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          HCE OS 2.0
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          HCE OS 2.0
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          v1.25 or later
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          5.10.0-60.18.0.50.r865_35.hce2.x86_64
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          5.10.0-182.0.0.95.r1941_123.hce2.x86_64
                                                                                                                                                                                                          
                                                                                                                                                                                                           		
 
                                                                                                                                                                                                          
 
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
-
                                                                                                                                                                                                        7. Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                                        8. If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                          9. 
+
                                                                                                                                                                                                        9. Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                                        10. If you upgrade a CCE cluster to a version that supports egress rules in in-place mode, the rules will not work because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                          11. 
 
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Storage Volumes
                                                                                                                                                                                                          • Constraints on EVS volumes:
                                                                                                                                                                                                            • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                                                            • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                                              For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Storage Volumes
                                                                                                                                                                                                              • Constraints on EVS volumes:
                                                                                                                                                                                                                • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attached to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, select only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                                                                • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                                                  For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volumes mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • Constraints on SFS volumes:
                                                                                                                                                                                                                • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                                  • Do not mount all PVCs/PVs that use the same underlying SFS or SFS Turbo file system to a pod. This leads to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle values of these PVs.
                                                                                                                                                                                                                  • The persistentVolumeReclaimPolicy parameter in the PVs is suggested to be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                                  • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Constraints on SFS volumes:
                                                                                                                                                                                                                  • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                                                                    • Do not mount the PVCs/PVs that use the same underlying SFS or SFS Turbo volume to one pod. This will lead to a pod startup failure because not all PVCs can be mounted to the pod due to the same volumeHandle value.
                                                                                                                                                                                                                    • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                                                                    • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  • SFS volumes are available only in certain regions.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Constraints on OBS volumes:
                                                                                                                                                                                                                  • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                                  • CCE allows parallel file systems to be mounted using OBS SDKs or PVCs. If PVC mounting is used, the obsfs tool provided by OBS must be used. An obsfs resident process is generated each time an object storage volume generated from the parallel file system is mounted to a node, as shown in the following figure.
                                                                                                                                                                                                                    Figure 1 obsfs resident process
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, an obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    • An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to a parallel file system, the node will be unavailable. Control the number of pods mounted to a parallel file system on a single node.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  • Kata containers do not support OBS volumes.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Restrictions on using local PVs:
                                                                                                                                                                                                                  • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                                                                  • Removing, deleting, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                  • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Restrictions on using local EVs:
                                                                                                                                                                                                                  • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                  • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                • Constraints on snapshots and backups:
                                                                                                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the Flexvolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                                                                                  • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Constraints on OBS volumes:
                                                                                                                                                                                                                  • If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
                                                                                                                                                                                                                  • Every time an OBS volume is mounted to a workload through a PVC, a resident process is created in the backend. When a workload uses too many OBS volumes or reads and writes a large number of object storage files, resident processes will consume a significant amount of memory. To ensure stable running of the workload, make sure that the number of OBS volumes used does not exceed the requested memory. For example, if the workload requests for 4 GiB of memory, the number of OBS volumes should be no more than 4.
                                                                                                                                                                                                                  • Kata containers do not support OBS volumes.
                                                                                                                                                                                                                  • Hard links are not supported when common buckets are mounted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Constraints on local PVs:
                                                                                                                                                                                                                  • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                                                                  • Removing, deleting, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                  • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Constraints on local EVs:
                                                                                                                                                                                                                  • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the Everest add-on version is 1.2.29 or later.
                                                                                                                                                                                                                  • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                                                  • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Constraints on snapshots and backups:
                                                                                                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based Everest add-on.
                                                                                                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (VBD or SCSI), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being checked or configured.
                                                                                                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the Everest add-on. Snapshots cannot be created for PVCs created using the FlexVolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                                                                                  • A PVC of the xfs file system type can generate snapshots. The file system of the disk associated with the PVC created using these snapshots remains xfs.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Add-ons
                                                                                                                                                                                                              CCE uses Helm charts to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open add-on management APIs. Do not directly modify add-on resources on the backend. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                                                                                                                                              
@@ -89,8 +87,8 @@
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Cluster Capacity Limit
                                                                                                                                                                                                              The capacity of a cluster is made up of various resource types, including container groups (pods), cloud storage instances (persistent volumes), and Services. Additionally, the size of these resource objects can also impact the cluster capacity.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              For example:
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              • If there are too many pods, the maximum number of pods will decrease within a certain performance range.
                                                                                                                                                                                                              • As the number of pods approaches the upper limit, the upper limits of other resource types in the cluster will decrease accordingly.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Since clusters in actual application environments contain multiple resource types, it is possible that the number of resources for a single type may not reach its upper limit. It is important to monitor cluster usage regularly and plan and manage the cluster effectively to ensure the best performance of all resources. If the current specifications do not meet your requirements, you can scale out the cluster to ensure stability.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              • If there are too many pods, the maximum number of pods will decrease within a certain performance range.
                                                                                                                                                                                                              • As the number of pods approaches the upper limit, the upper limits of other resource types in the cluster will also decrease accordingly.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Since clusters in actual application environments contain multiple resource types, it is possible that the number of resources for a single type may not reach its upper limit. It is important to monitor cluster resource usage regularly and plan and manage the resources effectively to ensure the best performance of all resources. If the current specifications do not meet your requirements, you can scale out the cluster to ensure stability.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Dependent Underlying Cloud Resources
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Category
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_productdesc_0007.html b/docs/cce/umn/cce_productdesc_0007.html
index c7e5b3421..9ce4e1366 100644
--- a/docs/cce/umn/cce_productdesc_0007.html
+++ b/docs/cce/umn/cce_productdesc_0007.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                                                                              Containerized Application Management
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Application Scenario
                                                                                                                                                                                                              In CCE, you can run clusters with x86 and Arm nodes. Create and manage Kubernetes clusters. Deploy containerized applications in them. All done in CCE.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Application Scenarios
                                                                                                                                                                                                              CCE clusters enable the management of both x86 and Arm resources. With CCE, you can effortlessly create Kubernetes clusters, deploy containerized applications, and effectively manage and maintain them.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • Containerized web applications: CCE clusters interconnect with middleware such as GaussDB and Redis and support HA DR, auto scaling, public network release, and gray upgrade, helping you quickly deploy web service applications.
                                                                                                                                                                                                              • Middleware deployment platform: CCE clusters can be used as middleware deployment platforms to implement stateful applications with StatefulSets and PVCs. In addition, load balancers can be used to expose middleware services.
                                                                                                                                                                                                              • Jobs and cron jobs: Job and cron job applications can be containerized to reduce the dependency on the host system. Global resource scheduling secures the resource usage during task running and improves the overall resource usage in the cluster.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Figure 1 CCE cluster
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 1 CCE cluster
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Benefits
                                                                                                                                                                                                              Containerization requires less resources to deploy application. Services are not uninterrupted during upgrades.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
@@ -11,7 +11,7 @@
 
                                                                                                                                                                                                            • Application upgrade
                                                                                                                                                                                                              Upgrades your apps in replace or rolling mode (by proportion or by number of pods), or rolls back the upgrades.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            • Auto scaling
                                                                                                                                                                                                              Auto scales your nodes and workloads according to the policies you set.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • 
-
                                                                                                                                                                                                              Figure 2 Workload
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 2 Workload
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_productdesc_0008.html b/docs/cce/umn/cce_productdesc_0008.html
index 5fb04d681..585963da8 100644
--- a/docs/cce/umn/cce_productdesc_0008.html
+++ b/docs/cce/umn/cce_productdesc_0008.html
@@ -1,66 +1,66 @@
 
 
 
                                                                                                                                                                                                              Related Services
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              CCE works with the following cloud services and requires permissions to access them.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Figure 1 Relationships between CCE and other services
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              CCE needs to be interconnected with the following cloud services. It requires permissions to access these cloud services.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 1 Relationships between CCE and other services
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Relationships Between CCE and Other Services
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Table 1 Relationships between CCE and other services
                                                                                                                                                                                                              Service
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_productdesc_0012.html b/docs/cce/umn/cce_productdesc_0012.html
index 4849e57df..a570a745e 100644
--- a/docs/cce/umn/cce_productdesc_0012.html
+++ b/docs/cce/umn/cce_productdesc_0012.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                              Regions and AZs
                                                                                                                                                                                                              Definition
                                                                                                                                                                                                              A region and availability zone (AZ) identify the location of a data center. You can create resources in a specific region and AZ.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified as universal regions and dedicated regions. A universal region provides universal cloud services for common domains. A dedicated region provides services of the same type only or for specific domains.
                                                                                                                                                                                                              • An AZ contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, moisture-proof, and electricity facilities. Within an AZ, computing, network, storage, and other resources are logically divided into multiple clusters. AZs in a region are interconnected through high-speed optic fibers. This is helpful if you will deploy systems across AZs to achieve higher availability.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Cloud services are now available in many regions around the world. You can select whichever region and AZ work best for you.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Cloud services are now available in many regions around the world. You can select a region and AZ as needed.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              How to Select a Region?
                                                                                                                                                                                                              When selecting a region, consider the following factors:
                                                                                                                                                                                                              • Location
                                                                                                                                                                                                                Select a region close to you or your target users to reduce network latency and improve access rate.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                                              Selecting an AZ
                                                                                                                                                                                                              When deploying resources, consider your applications' requirements on disaster recovery (DR) and network latency.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • For high DR capability, deploy resources in different AZs within the same region.
                                                                                                                                                                                                              • For lower network latency, deploy resources in the same AZ.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Regions and Endpoints
                                                                                                                                                                                                              When using an API to access resources, you must specify a region and endpoint. For more information about regions and endpoints, see Regions and Endpoints.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Regions and Endpoints
                                                                                                                                                                                                              When using an API to access resources, you must specify a region and endpoint. For more information about regions and endpoints, see Regions and Endpoints.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_productdesc_0017.html b/docs/cce/umn/cce_productdesc_0017.html
index 12bf22d80..b00a378f7 100644
--- a/docs/cce/umn/cce_productdesc_0017.html
+++ b/docs/cce/umn/cce_productdesc_0017.html
@@ -11,7 +11,7 @@
 
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Related Services
                                                                                                                                                                                                              Software Repository for Container (SWR), Object Storage Service (OBS), Virtual Private Network (VPN)
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Figure 1 How DevOps works
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 1 How DevOps works
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_productdesc_0018.html b/docs/cce/umn/cce_productdesc_0018.html
index f67976039..d3bd97b26 100644
--- a/docs/cce/umn/cce_productdesc_0018.html
+++ b/docs/cce/umn/cce_productdesc_0018.html
@@ -7,16 +7,16 @@
 
                                                                                                                                                                                                            • Environment decoupling
                                                                                                                                                                                                              To ensure IP security, you can decouple development from production. Set up one on the cloud and the other in the local IDC.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • 
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Benefits
                                                                                                                                                                                                              Thanks to containers' environment-independent feature, CCE manages containers in a unified manner, and these containers can access each other on CCE. You can seamlessly migrate your apps and data on and off the cloud. This meets complex services' requirements for auto scaling, flexibility, security, and compliance. Additionally, resources in different cloud environments can be operated and maintained in a unified manner, providing easier resource scheduling and DR.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Benefits
                                                                                                                                                                                                              Thanks to containers' environment-independent feature, CCE manages containers in a unified manner, and these containers can access each other. You can seamlessly migrate your apps and data on and off the cloud. This meets complex services' requirements for auto scaling, flexibility, security, and compliance. Additionally, resources in different cloud environments can be operated and maintained in a unified manner, providing easier resource scheduling and DR.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Advantages
                                                                                                                                                                                                              • On-cloud DR
                                                                                                                                                                                                                Multicloud prevents systems from outages. When a cloud is faulty, CCE auto diverts traffic to other clouds to ensure service continuity.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Unified architecture and auto scaling
                                                                                                                                                                                                                Unified architecture on and off the cloud can flexibly implement auto scaling, smooth migration to cope with traffic peaks.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Decoupling and sharing
                                                                                                                                                                                                                CCE decouples data, environments, and compute capacity. Sensitive data vs general data. Development vs production. Compute-intensive services vs general services. Apps running on-premises can burst to the cloud. Your resources on and off the cloud can be better used.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • Lower costs
                                                                                                                                                                                                                Cloud resource pools, backed by auto scaling, can respond to load spikes in time. Manual operations are no longer needed and you can save big.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • Lower costs
                                                                                                                                                                                                                Cloud resource pools can quickly be scaled out to handle traffic bursts. Manual operations are no longer needed and you can save big.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Related Services
                                                                                                                                                                                                              Elastic Cloud Server (ECS), Virtual Private Network (VPN), SoftWare Repository for Container (SWR)
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Figure 1 How hybrid cloud works
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 1 How hybrid cloud works
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_productdesc_0021.html b/docs/cce/umn/cce_productdesc_0021.html
index 1b8941573..f9d62581d 100644
--- a/docs/cce/umn/cce_productdesc_0021.html
+++ b/docs/cce/umn/cce_productdesc_0021.html
@@ -1,18 +1,17 @@
 
 
 
                                                                                                                                                                                                              Auto Scaling in Seconds
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Application Scenarios
                                                                                                                                                                                                              • Shopping apps and websites, especially during promotions and flash sales
                                                                                                                                                                                                              • Live streaming, where service loads often fluctuate
                                                                                                                                                                                                              • Games, where many players may go online in certain time periods
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Application Scenarios
                                                                                                                                                                                                              • Shopping apps and websites, especially during promotions
                                                                                                                                                                                                              • Live streaming, where service loads often fluctuate
                                                                                                                                                                                                              • Games, where many players may go online in certain time periods
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Benefits
                                                                                                                                                                                                              CCE auto adjusts capacity to cope with service surges according to the policies you set. CCE adds or reduces cloud servers and containers to scale your cluster and workloads. Your applications will always have the right resources at the right time.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Advantages
                                                                                                                                                                                                              • Flexible
                                                                                                                                                                                                                Allows diverse types of scaling policies and scales containers within seconds once triggered.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              • Highly available
                                                                                                                                                                                                                Monitors pod running and replaces unhealthy pods with new ones.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • Lower costs
                                                                                                                                                                                                                Bills you only for the scaled cloud servers as you use.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Related Services
                                                                                                                                                                                                              Add-ons: autoscaler and cce-hpa-controller
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • Auto scaling for workloads: CronHPA (CronHorizontalPodAutoscaler) + HPA (Horizontal Pod Autoscaling)
                                                                                                                                                                                                              • Auto scaling for clusters: CA (Cluster AutoScaling)
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Figure 1 How auto scaling works
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Figure 1 How auto scaling works
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_qs_0006.html b/docs/cce/umn/cce_qs_0006.html
index 888990219..54d09259a 100644
--- a/docs/cce/umn/cce_qs_0006.html
+++ b/docs/cce/umn/cce_qs_0006.html
@@ -6,7 +6,7 @@
 
                                                                                                                                                                                                              Creating an IAM user
                                                                                                                                                                                                              If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users. These users can use specified links and their own accounts and help you manage resources efficiently. You can also configure account security policies to ensure the security of these accounts.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Your accounts have the permissions to use CCE. However, IAM users created by your accounts do not have the permissions. You need to manually assign the permissions to IAM users.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Obtaining Resource Permissions
                                                                                                                                                                                                              CCE works closely with multiple cloud services to support computing, storage, networking, and monitoring functions. When you log in to the CCE console for the first time, CCE automatically requests permissions to access those cloud services in the region where you run your applications. Specifically:
                                                                                                                                                                                                              • Compute services
                                                                                                                                                                                                                When you create a node in a cluster, a cloud server is created accordingly. The prerequisite is that CCE has obtained the permissions to access Elastic Cloud Service (ECS) and Bare Metal Server (BMS).
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Obtaining Resource Permissions
                                                                                                                                                                                                                CCE works closely with multiple cloud services to support computing, storage, networking, and monitoring functions. When you log in to the CCE console for the first time, CCE automatically requests permissions to access those cloud services in the region where you run your applications. Specifically:
                                                                                                                                                                                                                • Compute services
                                                                                                                                                                                                                  When you create a node in a cluster, a cloud server is created accordingly. The prerequisite is that CCE has obtained the permissions to access Elastic Cloud Server (ECS).
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                • Storage services
                                                                                                                                                                                                                  CCE allows you to mount storage volumes to nodes and containers in a cluster. The prerequisite is that CCE has obtained the permissions to access services such as Elastic Volume Service (EVS), Scalable File Service (SFS), and Object Storage Service (OBS).
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                • Networking services
                                                                                                                                                                                                                  CCE allows containers in a cluster to be published as services that can be accessed by external systems. The prerequisite is that CCE has obtained the permissions to access services such as Virtual Private Cloud (VPC) and Elastic Load Balance (ELB).
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                • Container and monitoring services
                                                                                                                                                                                                                  CCE supports functions such as container image pull, monitoring, and logging. The prerequisite is that CCE has obtained the permissions to access services such as SoftWare Repository for Container (SWR) and Application Operations Management (AOM).
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_qs_0008.html b/docs/cce/umn/cce_qs_0008.html
index 0da3f8d80..a473125ab 100644
--- a/docs/cce/umn/cce_qs_0008.html
+++ b/docs/cce/umn/cce_qs_0008.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                                  Creating a Kubernetes Cluster
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Context
                                                                                                                                                                                                                  This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Creating a Cluster
                                                                                                                                                                                                                  1. Log in to the CCE console.
                                                                                                                                                                                                                    • If you have no clusters, click Create CCE Standard Cluster on the wizard page.
                                                                                                                                                                                                                    • If your have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Creating a Cluster
                                                                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                                                                      • If you have no clusters, click Create CCE Standard Cluster on the wizard page.
                                                                                                                                                                                                                      • If your have CCE clusters, choose Clusters in the navigation pane, click Create Cluster and select the CCE standard cluster.
                                                                                                                                                                                                                      
 
                                                                                                                                                                                                                    2. On the page displayed, configure parameters following instructions.
                                                                                                                                                                                                                      In this example, a majority of parameters retain default values. Only mandatory parameters are described. For details, see Table 1.
 
                                                                                                                                                                                                              Table 1 Relationships between CCE and other services
                                                                                                                                                                                                              Service
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              Relationship
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Relationship
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              ECS
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              ECS
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              An ECS with multiple EVS disks is a node in CCE. You can choose ECS specifications during node creation.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              An ECS with multiple EVS disks is a node in CCE. You can choose ECS specifications during node creation.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              VPC
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              VPC
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              For security reasons, all clusters created by CCE must run in VPCs. When creating a namespace, create a VPC or bind an existing VPC to the namespace so all containers in the namespace will run in this VPC.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              VPCs are required for CCE clusters to function. They offer segregated network environments. When creating a node pool within a cluster, nodes in the pool are assigned private IP addresses from the VPC CIDR block.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              ELB
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              ELB
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              CCE works with ELB to load balance a workload's access requests across multiple pods.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Load balancers can be associated with applications created on CCE. They help distribute external access traffic to various backend containerized applications.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              NAT Gateway
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              NAT Gateway
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              The NAT Gateway service provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              The NAT Gateway service offers source network address translation (SNAT), which allows private IP addresses to be translated into public IP addresses by binding an elastic IP address (EIP) to the gateway. This enables container instances within the VPC to share EIPs and access the Internet.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              SWR
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              SWR
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              An image repository is used to store and manage Docker images.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              An image repository is used to store and manage Docker images.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              EVS
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              EVS
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              EVS disks can be attached to cloud servers and scaled to a higher capacity whenever needed.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              EVS disks can be attached to cloud servers and scaled to a higher capacity whenever needed.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              An ECS with multiple EVS disks is a node in CCE. You can choose ECS specifications during node creation.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              OBS
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              OBS
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              OBS provides stable, secure, cost-efficient, and object-based cloud storage for data of any size. With OBS, you can create, modify, and delete buckets, as well as uploading, downloading, and deleting objects.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              OBS provides stable, secure, cost-efficient, and object-based cloud storage for data of any size. With OBS, you can create, modify, and delete buckets, as well as uploading, downloading, and deleting objects.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              CCE allows you to create an OBS volume and attach it to a path inside a container.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              SFS
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              SFS
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              SFS is a shared, fully managed file storage service. Compatible with the Network File System protocol, SFS file systems can elastically scale up to petabytes, thereby ensuring top performance of data-intensive and bandwidth-intensive applications.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              SFS is a shared, fully managed file storage service. Compatible with the Network File System protocol, SFS file systems can elastically scale up to petabytes, thereby ensuring top performance of data-intensive and bandwidth-intensive applications.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              You can use SFS file systems as persistent storage for containers and attach the file systems to containers when creating a workload.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              AOM
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              AOM
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              AOM collects container log files in formats like .log from CCE and dumps them to AOM. On the AOM console, you can easily query and view log files. In addition, AOM monitors CCE resource usage. You can define metric thresholds for CCE resource usage to trigger auto scaling.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              AOM collects container log files in formats like .log from CCE and dumps them to AOM. On the AOM console, you can easily query and view log files. In addition, AOM monitors CCE resource usage. You can define metric thresholds for CCE resource usage to trigger auto scaling.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              Cloud Trace Service (CTS)
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Cloud Trace Service (CTS)
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              CTS records operations on your cloud resources, allowing you to obtain, audit, and backtrack resource operation requests initiated from the management console or open APIs as well as responses to these requests.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              CTS records operations on your cloud resources, allowing you to obtain, audit, and backtrack resource operation requests initiated from the management console or open APIs as well as responses to these requests.
                                                                                                                                                                                                              
                                                                                                                                                                                                               		
 
                                                                                                                                                                                                              
                                                                                                                                                                                                               
 
                                                                                                                                                                                                              
@@ -65,7 +65,7 @@
 
                                                                                                                                                                                                              Table 1 Parameters for creating a cluster
                                                                                                                                                                                                              Parameter
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
 
-
                                                                                                                                                                                                            • Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                                            • Click Next: Add-on Configuration.
                                                                                                                                                                                                            • Click Next: Confirm configuration. After confirming the information, click Submit.
                                                                                                                                                                                                              It takes about 6 to 10 minutes to create a cluster.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.
                                                                                                                                                                                                            • Click Next: Add-on Configuration.
                                                                                                                                                                                                            • Click Next: Confirm configuration. After confirming the information, click Submit.
                                                                                                                                                                                                              It takes about 6 to 10 minutes to create a cluster.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              The created cluster will be displayed on the Clusters page, and the number of nodes in the cluster is 0.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              • 
 
diff --git a/docs/cce/umn/en-us_image_0000001187249376.png b/docs/cce/umn/en-us_image_0000001187249376.png
deleted file mode 100644
index 582b16181..000000000
Binary files a/docs/cce/umn/en-us_image_0000001187249376.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001332989461.png b/docs/cce/umn/en-us_image_0000001332989461.png
new file mode 100644
index 000000000..220bbf453
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001332989461.png differ
diff --git a/docs/cce/umn/en-us_image_0000001619094530.png b/docs/cce/umn/en-us_image_0000001619094530.png
deleted file mode 100644
index 5ab58fafb..000000000
Binary files a/docs/cce/umn/en-us_image_0000001619094530.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001667694873.png b/docs/cce/umn/en-us_image_0000001667694873.png
deleted file mode 100644
index d3b0f6985..000000000
Binary files a/docs/cce/umn/en-us_image_0000001667694873.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001667734001.png b/docs/cce/umn/en-us_image_0000001667734001.png
deleted file mode 100644
index 6b11888bb..000000000
Binary files a/docs/cce/umn/en-us_image_0000001667734001.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001897906197.png b/docs/cce/umn/en-us_image_0000001897906197.png
deleted file mode 100644
index 0ee4bb107..000000000
Binary files a/docs/cce/umn/en-us_image_0000001897906197.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001898022949.png b/docs/cce/umn/en-us_image_0000001898022949.png
deleted file mode 100644
index 87c98e366..000000000
Binary files a/docs/cce/umn/en-us_image_0000001898022949.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950315440.png b/docs/cce/umn/en-us_image_0000001950315440.png
deleted file mode 100644
index b0fe69b12..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950315440.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950315972.png b/docs/cce/umn/en-us_image_0000001950315972.png
deleted file mode 100644
index 718c8fa26..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950315972.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950315976.png b/docs/cce/umn/en-us_image_0000001950315976.png
deleted file mode 100644
index 989a68c34..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950315976.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950316056.png b/docs/cce/umn/en-us_image_0000001950316056.png
deleted file mode 100644
index 853c68927..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950316056.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950316540.png b/docs/cce/umn/en-us_image_0000001950316540.png
deleted file mode 100644
index b201d81d7..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950316540.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950316852.png b/docs/cce/umn/en-us_image_0000001950316852.png
deleted file mode 100644
index c0c07f9ef..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950316852.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950316872.png b/docs/cce/umn/en-us_image_0000001950316872.png
deleted file mode 100644
index 7cdfc47db..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950316872.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950316876.png b/docs/cce/umn/en-us_image_0000001950316876.png
deleted file mode 100644
index 42fccb7bf..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950316876.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950317032.png b/docs/cce/umn/en-us_image_0000001950317032.png
deleted file mode 100644
index 5db165c12..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950317032.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950317076.png b/docs/cce/umn/en-us_image_0000001950317076.png
deleted file mode 100644
index 4e7da6ce5..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950317076.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001950317380.png b/docs/cce/umn/en-us_image_0000001950317380.png
deleted file mode 100644
index d956cead9..000000000
Binary files a/docs/cce/umn/en-us_image_0000001950317380.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981275269.png b/docs/cce/umn/en-us_image_0000001981275269.png
deleted file mode 100644
index 4f4f467c7..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981275269.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981275361.png b/docs/cce/umn/en-us_image_0000001981275361.png
deleted file mode 100644
index 41c8b4249..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981275361.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981275489.png b/docs/cce/umn/en-us_image_0000001981275489.png
deleted file mode 100644
index 407395206..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981275489.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276261.png b/docs/cce/umn/en-us_image_0000001981276261.png
deleted file mode 100644
index 4db8f4d35..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276261.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276405.png b/docs/cce/umn/en-us_image_0000001981276405.png
deleted file mode 100644
index 7cdfc47db..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276405.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276409.png b/docs/cce/umn/en-us_image_0000001981276409.png
deleted file mode 100644
index 49cebe81c..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276409.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276729.png b/docs/cce/umn/en-us_image_0000001981276729.png
deleted file mode 100644
index 33467fb96..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276729.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276785.png b/docs/cce/umn/en-us_image_0000001981276785.png
deleted file mode 100644
index f1336b60e..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276785.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276941.png b/docs/cce/umn/en-us_image_0000001981276941.png
deleted file mode 100644
index d486a037e..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276941.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276949.png b/docs/cce/umn/en-us_image_0000001981276949.png
deleted file mode 100644
index 763c49384..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276949.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276965.png b/docs/cce/umn/en-us_image_0000001981276965.png
deleted file mode 100644
index ec59b9558..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276965.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981276973.png b/docs/cce/umn/en-us_image_0000001981276973.png
deleted file mode 100644
index 82d56b7a0..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981276973.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981435329.png b/docs/cce/umn/en-us_image_0000001981435329.png
deleted file mode 100644
index 9f288ee78..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981435329.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981435969.png b/docs/cce/umn/en-us_image_0000001981435969.png
deleted file mode 100644
index bbf2bfffa..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981435969.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981436009.png b/docs/cce/umn/en-us_image_0000001981436009.png
deleted file mode 100644
index dbcce9ca0..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981436009.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981436137.png b/docs/cce/umn/en-us_image_0000001981436137.png
deleted file mode 100644
index 4e0fb1be8..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981436137.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981436181.png b/docs/cce/umn/en-us_image_0000001981436181.png
deleted file mode 100644
index 8f3c9f0e0..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981436181.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001981436641.png b/docs/cce/umn/en-us_image_0000001981436641.png
deleted file mode 100644
index e898d13d9..000000000
Binary files a/docs/cce/umn/en-us_image_0000001981436641.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000002065477978.png b/docs/cce/umn/en-us_image_0000002065477978.png
new file mode 100644
index 000000000..2484c40d8
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065477978.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981274417.png b/docs/cce/umn/en-us_image_0000002065478702.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274417.png
rename to docs/cce/umn/en-us_image_0000002065478702.png
diff --git a/docs/cce/umn/en-us_image_0000001981274401.gif b/docs/cce/umn/en-us_image_0000002065478774.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274401.gif
rename to docs/cce/umn/en-us_image_0000002065478774.gif
diff --git a/docs/cce/umn/en-us_image_0000001981274513.png b/docs/cce/umn/en-us_image_0000002065478822.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274513.png
rename to docs/cce/umn/en-us_image_0000002065478822.png
diff --git a/docs/cce/umn/en-us_image_0000001981434389.png b/docs/cce/umn/en-us_image_0000002065478854.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434389.png
rename to docs/cce/umn/en-us_image_0000002065478854.png
diff --git a/docs/cce/umn/en-us_image_0000001950315204.png b/docs/cce/umn/en-us_image_0000002065478874.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315204.png
rename to docs/cce/umn/en-us_image_0000002065478874.png
diff --git a/docs/cce/umn/en-us_image_0000001981275157.jpg b/docs/cce/umn/en-us_image_0000002065478898.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275157.jpg
rename to docs/cce/umn/en-us_image_0000002065478898.jpg
diff --git a/docs/cce/umn/en-us_image_0000001981434421.png b/docs/cce/umn/en-us_image_0000002065478942.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434421.png
rename to docs/cce/umn/en-us_image_0000002065478942.png
diff --git a/docs/cce/umn/en-us_image_0000002065478954.png b/docs/cce/umn/en-us_image_0000002065478954.png
new file mode 100644
index 000000000..0a2668c3e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065478954.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981274553.png b/docs/cce/umn/en-us_image_0000002065478990.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274553.png
rename to docs/cce/umn/en-us_image_0000002065478990.png
diff --git a/docs/cce/umn/en-us_image_0000001981275593.png b/docs/cce/umn/en-us_image_0000002065479090.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275593.png
rename to docs/cce/umn/en-us_image_0000002065479090.png
diff --git a/docs/cce/umn/en-us_image_0000001981275249.png b/docs/cce/umn/en-us_image_0000002065479098.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275249.png
rename to docs/cce/umn/en-us_image_0000002065479098.png
diff --git a/docs/cce/umn/en-us_image_0000001950315760.png b/docs/cce/umn/en-us_image_0000002065479118.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315760.png
rename to docs/cce/umn/en-us_image_0000002065479118.png
diff --git a/docs/cce/umn/en-us_image_0000001981435165.png b/docs/cce/umn/en-us_image_0000002065479138.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435165.png
rename to docs/cce/umn/en-us_image_0000002065479138.png
diff --git a/docs/cce/umn/en-us_image_0000001981434829.png b/docs/cce/umn/en-us_image_0000002065479186.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434829.png
rename to docs/cce/umn/en-us_image_0000002065479186.png
diff --git a/docs/cce/umn/en-us_image_0000001950315472.png b/docs/cce/umn/en-us_image_0000002065479210.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315472.png
rename to docs/cce/umn/en-us_image_0000002065479210.png
diff --git a/docs/cce/umn/en-us_image_0000001950315444.png b/docs/cce/umn/en-us_image_0000002065479218.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315444.png
rename to docs/cce/umn/en-us_image_0000002065479218.png
diff --git a/docs/cce/umn/en-us_image_0000001950315456.png b/docs/cce/umn/en-us_image_0000002065479222.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315456.png
rename to docs/cce/umn/en-us_image_0000002065479222.png
diff --git a/docs/cce/umn/en-us_image_0000001981275621.png b/docs/cce/umn/en-us_image_0000002065479290.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275621.png
rename to docs/cce/umn/en-us_image_0000002065479290.png
diff --git a/docs/cce/umn/en-us_image_0000002065479338.png b/docs/cce/umn/en-us_image_0000002065479338.png
new file mode 100644
index 000000000..b83dc3ea1
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065479338.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950317352.png b/docs/cce/umn/en-us_image_0000002065479386.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317352.png
rename to docs/cce/umn/en-us_image_0000002065479386.png
diff --git a/docs/cce/umn/en-us_image_0000001981276281.png b/docs/cce/umn/en-us_image_0000002065479422.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276281.png
rename to docs/cce/umn/en-us_image_0000002065479422.png
diff --git a/docs/cce/umn/en-us_image_0000001950315932.png b/docs/cce/umn/en-us_image_0000002065479494.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315932.png
rename to docs/cce/umn/en-us_image_0000002065479494.png
diff --git a/docs/cce/umn/en-us_image_0000001981435221.png b/docs/cce/umn/en-us_image_0000002065479598.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435221.png
rename to docs/cce/umn/en-us_image_0000002065479598.png
diff --git a/docs/cce/umn/en-us_image_0000001981275513.png b/docs/cce/umn/en-us_image_0000002065479622.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275513.png
rename to docs/cce/umn/en-us_image_0000002065479622.png
diff --git a/docs/cce/umn/en-us_image_0000001981275001.png b/docs/cce/umn/en-us_image_0000002065479674.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275001.png
rename to docs/cce/umn/en-us_image_0000002065479674.png
diff --git a/docs/cce/umn/en-us_image_0000001981275365.png b/docs/cce/umn/en-us_image_0000002065479742.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275365.png
rename to docs/cce/umn/en-us_image_0000002065479742.png
diff --git a/docs/cce/umn/en-us_image_0000001981436085.png b/docs/cce/umn/en-us_image_0000002065480154.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436085.png
rename to docs/cce/umn/en-us_image_0000002065480154.png
diff --git a/docs/cce/umn/en-us_image_0000001981436029.png b/docs/cce/umn/en-us_image_0000002065480162.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436029.png
rename to docs/cce/umn/en-us_image_0000002065480162.png
diff --git a/docs/cce/umn/en-us_image_0000001981436201.png b/docs/cce/umn/en-us_image_0000002065480222.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436201.png
rename to docs/cce/umn/en-us_image_0000002065480222.png
diff --git a/docs/cce/umn/en-us_image_0000001981436241.png b/docs/cce/umn/en-us_image_0000002065480234.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436241.png
rename to docs/cce/umn/en-us_image_0000002065480234.png
diff --git a/docs/cce/umn/en-us_image_0000001950316840.png b/docs/cce/umn/en-us_image_0000002065480238.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316840.png
rename to docs/cce/umn/en-us_image_0000002065480238.png
diff --git a/docs/cce/umn/en-us_image_0000002065480242.png b/docs/cce/umn/en-us_image_0000002065480242.png
new file mode 100644
index 000000000..1475aba75
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480242.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480278.png b/docs/cce/umn/en-us_image_0000002065480278.png
new file mode 100644
index 000000000..4a874f0b0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480278.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436185.png b/docs/cce/umn/en-us_image_0000002065480330.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436185.png
rename to docs/cce/umn/en-us_image_0000002065480330.png
diff --git a/docs/cce/umn/en-us_image_0000002065480366.png b/docs/cce/umn/en-us_image_0000002065480366.png
new file mode 100644
index 000000000..e22169dd4
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480366.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480398.png b/docs/cce/umn/en-us_image_0000002065480398.png
new file mode 100644
index 000000000..100077665
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480398.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065480470.png b/docs/cce/umn/en-us_image_0000002065480470.png
new file mode 100644
index 000000000..f9d757250
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480470.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950317048.png b/docs/cce/umn/en-us_image_0000002065480554.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317048.png
rename to docs/cce/umn/en-us_image_0000002065480554.png
diff --git a/docs/cce/umn/en-us_image_0000001981276605.png b/docs/cce/umn/en-us_image_0000002065480558.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276605.png
rename to docs/cce/umn/en-us_image_0000002065480558.png
diff --git a/docs/cce/umn/en-us_image_0000001981276749.png b/docs/cce/umn/en-us_image_0000002065480610.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276749.png
rename to docs/cce/umn/en-us_image_0000002065480610.png
diff --git a/docs/cce/umn/en-us_image_0000001981436409.png b/docs/cce/umn/en-us_image_0000002065480618.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436409.png
rename to docs/cce/umn/en-us_image_0000002065480618.png
diff --git a/docs/cce/umn/en-us_image_0000001981436649.png b/docs/cce/umn/en-us_image_0000002065480658.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436649.png
rename to docs/cce/umn/en-us_image_0000002065480658.png
diff --git a/docs/cce/umn/en-us_image_0000001981436665.png b/docs/cce/umn/en-us_image_0000002065480670.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436665.png
rename to docs/cce/umn/en-us_image_0000002065480670.png
diff --git a/docs/cce/umn/en-us_image_0000001950317252.png b/docs/cce/umn/en-us_image_0000002065480682.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317252.png
rename to docs/cce/umn/en-us_image_0000002065480682.png
diff --git a/docs/cce/umn/en-us_image_0000002065480750.png b/docs/cce/umn/en-us_image_0000002065480750.png
new file mode 100644
index 000000000..9f11bf4ef
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480750.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950317392.png b/docs/cce/umn/en-us_image_0000002065480762.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317392.png
rename to docs/cce/umn/en-us_image_0000002065480762.png
diff --git a/docs/cce/umn/en-us_image_0000001981276797.png b/docs/cce/umn/en-us_image_0000002065480794.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276797.png
rename to docs/cce/umn/en-us_image_0000002065480794.png
diff --git a/docs/cce/umn/en-us_image_0000002065480858.png b/docs/cce/umn/en-us_image_0000002065480858.png
new file mode 100644
index 000000000..1909444d2
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065480858.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950315836.png b/docs/cce/umn/en-us_image_0000002065480898.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315836.png
rename to docs/cce/umn/en-us_image_0000002065480898.png
diff --git a/docs/cce/umn/en-us_image_0000001981277029.png b/docs/cce/umn/en-us_image_0000002065480910.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981277029.png
rename to docs/cce/umn/en-us_image_0000002065480910.png
diff --git a/docs/cce/umn/en-us_image_0000001851584036.png b/docs/cce/umn/en-us_image_0000002065636318.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851584036.png
rename to docs/cce/umn/en-us_image_0000002065636318.png
diff --git a/docs/cce/umn/en-us_image_0000001851584048.png b/docs/cce/umn/en-us_image_0000002065636326.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851584048.png
rename to docs/cce/umn/en-us_image_0000002065636326.png
diff --git a/docs/cce/umn/en-us_image_0000001950314864.png b/docs/cce/umn/en-us_image_0000002065637006.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950314864.png
rename to docs/cce/umn/en-us_image_0000002065637006.png
diff --git a/docs/cce/umn/en-us_image_0000001981434377.png b/docs/cce/umn/en-us_image_0000002065637178.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434377.png
rename to docs/cce/umn/en-us_image_0000002065637178.png
diff --git a/docs/cce/umn/en-us_image_0000002065637194.png b/docs/cce/umn/en-us_image_0000002065637194.png
new file mode 100644
index 000000000..bc16352a0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065637194.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981275029.png b/docs/cce/umn/en-us_image_0000002065637230.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275029.png
rename to docs/cce/umn/en-us_image_0000002065637230.png
diff --git a/docs/cce/umn/en-us_image_0000001981434437.png b/docs/cce/umn/en-us_image_0000002065637238.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434437.png
rename to docs/cce/umn/en-us_image_0000002065637238.png
diff --git a/docs/cce/umn/en-us_image_0000001981434473.png b/docs/cce/umn/en-us_image_0000002065637246.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434473.png
rename to docs/cce/umn/en-us_image_0000002065637246.png
diff --git a/docs/cce/umn/en-us_image_0000001950315068.png b/docs/cce/umn/en-us_image_0000002065637250.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315068.png
rename to docs/cce/umn/en-us_image_0000002065637250.png
diff --git a/docs/cce/umn/en-us_image_0000001981434457.png b/docs/cce/umn/en-us_image_0000002065637258.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434457.png
rename to docs/cce/umn/en-us_image_0000002065637258.png
diff --git a/docs/cce/umn/en-us_image_0000001950315720.png b/docs/cce/umn/en-us_image_0000002065637318.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315720.png
rename to docs/cce/umn/en-us_image_0000002065637318.png
diff --git a/docs/cce/umn/en-us_image_0000002065637342.png b/docs/cce/umn/en-us_image_0000002065637342.png
new file mode 100644
index 000000000..39f0d856b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065637342.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981275445.png b/docs/cce/umn/en-us_image_0000002065637370.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275445.png
rename to docs/cce/umn/en-us_image_0000002065637370.png
diff --git a/docs/cce/umn/en-us_image_0000001950315912.png b/docs/cce/umn/en-us_image_0000002065637422.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315912.png
rename to docs/cce/umn/en-us_image_0000002065637422.png
diff --git a/docs/cce/umn/en-us_image_0000001981435093.png b/docs/cce/umn/en-us_image_0000002065637438.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435093.png
rename to docs/cce/umn/en-us_image_0000002065637438.png
diff --git a/docs/cce/umn/en-us_image_0000001950316048.png b/docs/cce/umn/en-us_image_0000002065637450.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316048.png
rename to docs/cce/umn/en-us_image_0000002065637450.png
diff --git a/docs/cce/umn/en-us_image_0000001981275337.png b/docs/cce/umn/en-us_image_0000002065637498.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275337.png
rename to docs/cce/umn/en-us_image_0000002065637498.png
diff --git a/docs/cce/umn/en-us_image_0000001981274977.png b/docs/cce/umn/en-us_image_0000002065637534.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274977.png
rename to docs/cce/umn/en-us_image_0000002065637534.png
diff --git a/docs/cce/umn/en-us_image_0000001950316060.png b/docs/cce/umn/en-us_image_0000002065637590.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316060.png
rename to docs/cce/umn/en-us_image_0000002065637590.png
diff --git a/docs/cce/umn/en-us_image_0000001981435441.png b/docs/cce/umn/en-us_image_0000002065637598.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435441.png
rename to docs/cce/umn/en-us_image_0000002065637598.png
diff --git a/docs/cce/umn/en-us_image_0000001950316040.png b/docs/cce/umn/en-us_image_0000002065637606.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316040.png
rename to docs/cce/umn/en-us_image_0000002065637606.png
diff --git a/docs/cce/umn/en-us_image_0000001950316068.png b/docs/cce/umn/en-us_image_0000002065637614.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316068.png
rename to docs/cce/umn/en-us_image_0000002065637614.png
diff --git a/docs/cce/umn/en-us_image_0000001981275417.jpg b/docs/cce/umn/en-us_image_0000002065637630.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275417.jpg
rename to docs/cce/umn/en-us_image_0000002065637630.jpg
diff --git a/docs/cce/umn/en-us_image_0000001981275653.png b/docs/cce/umn/en-us_image_0000002065637662.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275653.png
rename to docs/cce/umn/en-us_image_0000002065637662.png
diff --git a/docs/cce/umn/en-us_image_0000001981275677.png b/docs/cce/umn/en-us_image_0000002065637706.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275677.png
rename to docs/cce/umn/en-us_image_0000002065637706.png
diff --git a/docs/cce/umn/en-us_image_0000001950315240.png b/docs/cce/umn/en-us_image_0000002065637710.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315240.png
rename to docs/cce/umn/en-us_image_0000002065637710.png
diff --git a/docs/cce/umn/en-us_image_0000001981275053.png b/docs/cce/umn/en-us_image_0000002065637722.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275053.png
rename to docs/cce/umn/en-us_image_0000002065637722.png
diff --git a/docs/cce/umn/en-us_image_0000001981277009.png b/docs/cce/umn/en-us_image_0000002065637758.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981277009.png
rename to docs/cce/umn/en-us_image_0000002065637758.png
diff --git a/docs/cce/umn/en-us_image_0000001950315604.png b/docs/cce/umn/en-us_image_0000002065637794.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315604.png
rename to docs/cce/umn/en-us_image_0000002065637794.png
diff --git a/docs/cce/umn/en-us_image_0000001981434997.png b/docs/cce/umn/en-us_image_0000002065637802.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434997.png
rename to docs/cce/umn/en-us_image_0000002065637802.png
diff --git a/docs/cce/umn/en-us_image_0000001950315780.png b/docs/cce/umn/en-us_image_0000002065638074.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315780.png
rename to docs/cce/umn/en-us_image_0000002065638074.png
diff --git a/docs/cce/umn/en-us_image_0000001950315848.png b/docs/cce/umn/en-us_image_0000002065638086.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315848.png
rename to docs/cce/umn/en-us_image_0000002065638086.png
diff --git a/docs/cce/umn/en-us_image_0000002065638098.png b/docs/cce/umn/en-us_image_0000002065638098.png
new file mode 100644
index 000000000..2484e9938
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065638098.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981276109.png b/docs/cce/umn/en-us_image_0000002065638446.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276109.png
rename to docs/cce/umn/en-us_image_0000002065638446.png
diff --git a/docs/cce/umn/en-us_image_0000001981276157.png b/docs/cce/umn/en-us_image_0000002065638502.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276157.png
rename to docs/cce/umn/en-us_image_0000002065638502.png
diff --git a/docs/cce/umn/en-us_image_0000001981276265.png b/docs/cce/umn/en-us_image_0000002065638526.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276265.png
rename to docs/cce/umn/en-us_image_0000002065638526.png
diff --git a/docs/cce/umn/en-us_image_0000001950316688.png b/docs/cce/umn/en-us_image_0000002065638558.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316688.png
rename to docs/cce/umn/en-us_image_0000002065638558.png
diff --git a/docs/cce/umn/en-us_image_0000001981436237.png b/docs/cce/umn/en-us_image_0000002065638574.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436237.png
rename to docs/cce/umn/en-us_image_0000002065638574.png
diff --git a/docs/cce/umn/en-us_image_0000001981276397.png b/docs/cce/umn/en-us_image_0000002065638582.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276397.png
rename to docs/cce/umn/en-us_image_0000002065638582.png
diff --git a/docs/cce/umn/en-us_image_0000001981276293.png b/docs/cce/umn/en-us_image_0000002065638606.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276293.png
rename to docs/cce/umn/en-us_image_0000002065638606.png
diff --git a/docs/cce/umn/en-us_image_0000002065638630.png b/docs/cce/umn/en-us_image_0000002065638630.png
new file mode 100644
index 000000000..c7d5814a6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065638630.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436361.png b/docs/cce/umn/en-us_image_0000002065638678.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436361.png
rename to docs/cce/umn/en-us_image_0000002065638678.png
diff --git a/docs/cce/umn/en-us_image_0000002065638710.png b/docs/cce/umn/en-us_image_0000002065638710.png
new file mode 100644
index 000000000..ede37b6b8
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065638710.png differ
diff --git a/docs/cce/umn/en-us_image_0000002065638766.png b/docs/cce/umn/en-us_image_0000002065638766.png
new file mode 100644
index 000000000..872e50502
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065638766.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981276429.png b/docs/cce/umn/en-us_image_0000002065638794.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276429.png
rename to docs/cce/umn/en-us_image_0000002065638794.png
diff --git a/docs/cce/umn/en-us_image_0000001981436449.png b/docs/cce/umn/en-us_image_0000002065638886.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436449.png
rename to docs/cce/umn/en-us_image_0000002065638886.png
diff --git a/docs/cce/umn/en-us_image_0000001950317072.png b/docs/cce/umn/en-us_image_0000002065638890.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317072.png
rename to docs/cce/umn/en-us_image_0000002065638890.png
diff --git a/docs/cce/umn/en-us_image_0000001950317060.png b/docs/cce/umn/en-us_image_0000002065638898.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317060.png
rename to docs/cce/umn/en-us_image_0000002065638898.png
diff --git a/docs/cce/umn/en-us_image_0000001981276601.png b/docs/cce/umn/en-us_image_0000002065638906.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276601.png
rename to docs/cce/umn/en-us_image_0000002065638906.png
diff --git a/docs/cce/umn/en-us_image_0000001981276629.png b/docs/cce/umn/en-us_image_0000002065638938.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276629.png
rename to docs/cce/umn/en-us_image_0000002065638938.png
diff --git a/docs/cce/umn/en-us_image_0000001950317192.png b/docs/cce/umn/en-us_image_0000002065638946.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317192.png
rename to docs/cce/umn/en-us_image_0000002065638946.png
diff --git a/docs/cce/umn/en-us_image_0000001981436609.png b/docs/cce/umn/en-us_image_0000002065638950.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436609.png
rename to docs/cce/umn/en-us_image_0000002065638950.png
diff --git a/docs/cce/umn/en-us_image_0000001950317256.png b/docs/cce/umn/en-us_image_0000002065639022.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317256.png
rename to docs/cce/umn/en-us_image_0000002065639022.png
diff --git a/docs/cce/umn/en-us_image_0000002065639038.png b/docs/cce/umn/en-us_image_0000002065639038.png
new file mode 100644
index 000000000..1ff19cd39
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002065639038.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950317236.png b/docs/cce/umn/en-us_image_0000002065639042.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317236.png
rename to docs/cce/umn/en-us_image_0000002065639042.png
diff --git a/docs/cce/umn/en-us_image_0000001981436657.png b/docs/cce/umn/en-us_image_0000002065639130.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436657.png
rename to docs/cce/umn/en-us_image_0000002065639130.png
diff --git a/docs/cce/umn/en-us_image_0000001981276821.png b/docs/cce/umn/en-us_image_0000002065639146.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276821.png
rename to docs/cce/umn/en-us_image_0000002065639146.png
diff --git a/docs/cce/umn/en-us_image_0000001981436773.png b/docs/cce/umn/en-us_image_0000002065639162.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436773.png
rename to docs/cce/umn/en-us_image_0000002065639162.png
diff --git a/docs/cce/umn/en-us_image_0000001950317472.png b/docs/cce/umn/en-us_image_0000002065639238.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317472.png
rename to docs/cce/umn/en-us_image_0000002065639238.png
diff --git a/docs/cce/umn/en-us_image_0000001981277037.png b/docs/cce/umn/en-us_image_0000002065639258.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981277037.png
rename to docs/cce/umn/en-us_image_0000002065639258.png
diff --git a/docs/cce/umn/en-us_image_0000001981436901.png b/docs/cce/umn/en-us_image_0000002065639262.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436901.png
rename to docs/cce/umn/en-us_image_0000002065639262.png
diff --git a/docs/cce/umn/en-us_image_0000001981436873.png b/docs/cce/umn/en-us_image_0000002065639282.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436873.png
rename to docs/cce/umn/en-us_image_0000002065639282.png
diff --git a/docs/cce/umn/en-us_image_0000002101396665.png b/docs/cce/umn/en-us_image_0000002101396665.png
new file mode 100644
index 000000000..2e3a339bf
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101396665.png differ
diff --git a/docs/cce/umn/en-us_image_0000001851742760.png b/docs/cce/umn/en-us_image_0000002101594869.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851742760.png
rename to docs/cce/umn/en-us_image_0000002101594869.png
diff --git a/docs/cce/umn/en-us_image_0000001851742792.png b/docs/cce/umn/en-us_image_0000002101594885.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001851742792.png
rename to docs/cce/umn/en-us_image_0000002101594885.png
diff --git a/docs/cce/umn/en-us_image_0000001898023049.png b/docs/cce/umn/en-us_image_0000002101594929.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001898023049.png
rename to docs/cce/umn/en-us_image_0000002101594929.png
diff --git a/docs/cce/umn/en-us_image_0000001897903549.png b/docs/cce/umn/en-us_image_0000002101594945.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897903549.png
rename to docs/cce/umn/en-us_image_0000002101594945.png
diff --git a/docs/cce/umn/en-us_image_0000002101595573.png b/docs/cce/umn/en-us_image_0000002101595573.png
new file mode 100644
index 000000000..f1403c1d1
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101595573.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981274409.gif b/docs/cce/umn/en-us_image_0000002101595681.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274409.gif
rename to docs/cce/umn/en-us_image_0000002101595681.gif
diff --git a/docs/cce/umn/en-us_image_0000001981434361.png b/docs/cce/umn/en-us_image_0000002101595713.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434361.png
rename to docs/cce/umn/en-us_image_0000002101595713.png
diff --git a/docs/cce/umn/en-us_image_0000001981274533.png b/docs/cce/umn/en-us_image_0000002101595737.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274533.png
rename to docs/cce/umn/en-us_image_0000002101595737.png
diff --git a/docs/cce/umn/en-us_image_0000001981275205.png b/docs/cce/umn/en-us_image_0000002101595749.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275205.png
rename to docs/cce/umn/en-us_image_0000002101595749.png
diff --git a/docs/cce/umn/en-us_image_0000001950315012.png b/docs/cce/umn/en-us_image_0000002101595757.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315012.png
rename to docs/cce/umn/en-us_image_0000002101595757.png
diff --git a/docs/cce/umn/en-us_image_0000001981275177.jpg b/docs/cce/umn/en-us_image_0000002101595761.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275177.jpg
rename to docs/cce/umn/en-us_image_0000002101595761.jpg
diff --git a/docs/cce/umn/en-us_image_0000001981274613.png b/docs/cce/umn/en-us_image_0000002101595789.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274613.png
rename to docs/cce/umn/en-us_image_0000002101595789.png
diff --git a/docs/cce/umn/en-us_image_0000001950315060.png b/docs/cce/umn/en-us_image_0000002101595793.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315060.png
rename to docs/cce/umn/en-us_image_0000002101595793.png
diff --git a/docs/cce/umn/en-us_image_0000001950315632.jpg b/docs/cce/umn/en-us_image_0000002101595797.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315632.jpg
rename to docs/cce/umn/en-us_image_0000002101595797.jpg
diff --git a/docs/cce/umn/en-us_image_0000001981274597.png b/docs/cce/umn/en-us_image_0000002101595809.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274597.png
rename to docs/cce/umn/en-us_image_0000002101595809.png
diff --git a/docs/cce/umn/en-us_image_0000001950316032.png b/docs/cce/umn/en-us_image_0000002101595969.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316032.png
rename to docs/cce/umn/en-us_image_0000002101595969.png
diff --git a/docs/cce/umn/en-us_image_0000001950316012.png b/docs/cce/umn/en-us_image_0000002101595997.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316012.png
rename to docs/cce/umn/en-us_image_0000002101595997.png
diff --git a/docs/cce/umn/en-us_image_0000001981274973.png b/docs/cce/umn/en-us_image_0000002101596077.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274973.png
rename to docs/cce/umn/en-us_image_0000002101596077.png
diff --git a/docs/cce/umn/en-us_image_0000001981274989.png b/docs/cce/umn/en-us_image_0000002101596097.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274989.png
rename to docs/cce/umn/en-us_image_0000002101596097.png
diff --git a/docs/cce/umn/en-us_image_0000001981435457.png b/docs/cce/umn/en-us_image_0000002101596161.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435457.png
rename to docs/cce/umn/en-us_image_0000002101596161.png
diff --git a/docs/cce/umn/en-us_image_0000001981275657.png b/docs/cce/umn/en-us_image_0000002101596229.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275657.png
rename to docs/cce/umn/en-us_image_0000002101596229.png
diff --git a/docs/cce/umn/en-us_image_0000001950315260.png b/docs/cce/umn/en-us_image_0000002101596289.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315260.png
rename to docs/cce/umn/en-us_image_0000002101596289.png
diff --git a/docs/cce/umn/en-us_image_0000001981434645.png b/docs/cce/umn/en-us_image_0000002101596297.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434645.png
rename to docs/cce/umn/en-us_image_0000002101596297.png
diff --git a/docs/cce/umn/en-us_image_0000001981435213.png b/docs/cce/umn/en-us_image_0000002101596309.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435213.png
rename to docs/cce/umn/en-us_image_0000002101596309.png
diff --git a/docs/cce/umn/en-us_image_0000001950316248.png b/docs/cce/umn/en-us_image_0000002101596349.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316248.png
rename to docs/cce/umn/en-us_image_0000002101596349.png
diff --git a/docs/cce/umn/en-us_image_0000001981275141.png b/docs/cce/umn/en-us_image_0000002101596357.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275141.png
rename to docs/cce/umn/en-us_image_0000002101596357.png
diff --git a/docs/cce/umn/en-us_image_0000001981434893.png b/docs/cce/umn/en-us_image_0000002101596405.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434893.png
rename to docs/cce/umn/en-us_image_0000002101596405.png
diff --git a/docs/cce/umn/en-us_image_0000001981275437.png b/docs/cce/umn/en-us_image_0000002101596485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275437.png
rename to docs/cce/umn/en-us_image_0000002101596485.png
diff --git a/docs/cce/umn/en-us_image_0000001981275457.png b/docs/cce/umn/en-us_image_0000002101596489.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275457.png
rename to docs/cce/umn/en-us_image_0000002101596489.png
diff --git a/docs/cce/umn/en-us_image_0000001981275425.png b/docs/cce/umn/en-us_image_0000002101596525.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275425.png
rename to docs/cce/umn/en-us_image_0000002101596525.png
diff --git a/docs/cce/umn/en-us_image_0000001950315452.png b/docs/cce/umn/en-us_image_0000002101596565.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315452.png
rename to docs/cce/umn/en-us_image_0000002101596565.png
diff --git a/docs/cce/umn/en-us_image_0000001950315828.png b/docs/cce/umn/en-us_image_0000002101596637.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315828.png
rename to docs/cce/umn/en-us_image_0000002101596637.png
diff --git a/docs/cce/umn/en-us_image_0000001950315844.png b/docs/cce/umn/en-us_image_0000002101596649.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315844.png
rename to docs/cce/umn/en-us_image_0000002101596649.png
diff --git a/docs/cce/umn/en-us_image_0000001981435269.png b/docs/cce/umn/en-us_image_0000002101596653.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435269.png
rename to docs/cce/umn/en-us_image_0000002101596653.png
diff --git a/docs/cce/umn/en-us_image_0000001981275449.png b/docs/cce/umn/en-us_image_0000002101596661.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275449.png
rename to docs/cce/umn/en-us_image_0000002101596661.png
diff --git a/docs/cce/umn/en-us_image_0000002101597009.png b/docs/cce/umn/en-us_image_0000002101597009.png
new file mode 100644
index 000000000..128cd7977
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597009.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950316676.png b/docs/cce/umn/en-us_image_0000002101597061.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316676.png
rename to docs/cce/umn/en-us_image_0000002101597061.png
diff --git a/docs/cce/umn/en-us_image_0000001981436089.png b/docs/cce/umn/en-us_image_0000002101597065.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436089.png
rename to docs/cce/umn/en-us_image_0000002101597065.png
diff --git a/docs/cce/umn/en-us_image_0000001981276161.png b/docs/cce/umn/en-us_image_0000002101597069.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276161.png
rename to docs/cce/umn/en-us_image_0000002101597069.png
diff --git a/docs/cce/umn/en-us_image_0000001981276269.png b/docs/cce/umn/en-us_image_0000002101597089.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276269.png
rename to docs/cce/umn/en-us_image_0000002101597089.png
diff --git a/docs/cce/umn/en-us_image_0000001981276233.png b/docs/cce/umn/en-us_image_0000002101597121.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276233.png
rename to docs/cce/umn/en-us_image_0000002101597121.png
diff --git a/docs/cce/umn/en-us_image_0000001981276309.png b/docs/cce/umn/en-us_image_0000002101597157.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276309.png
rename to docs/cce/umn/en-us_image_0000002101597157.png
diff --git a/docs/cce/umn/en-us_image_0000001981435225.png b/docs/cce/umn/en-us_image_0000002101597161.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435225.png
rename to docs/cce/umn/en-us_image_0000002101597161.png
diff --git a/docs/cce/umn/en-us_image_0000002101597253.png b/docs/cce/umn/en-us_image_0000002101597253.png
new file mode 100644
index 000000000..fd66f53a0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597253.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436297.png b/docs/cce/umn/en-us_image_0000002101597285.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436297.png
rename to docs/cce/umn/en-us_image_0000002101597285.png
diff --git a/docs/cce/umn/en-us_image_0000002101597289.png b/docs/cce/umn/en-us_image_0000002101597289.png
new file mode 100644
index 000000000..90126e1ce
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597289.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597333.png b/docs/cce/umn/en-us_image_0000002101597333.png
new file mode 100644
index 000000000..525526245
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597333.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436441.png b/docs/cce/umn/en-us_image_0000002101597349.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436441.png
rename to docs/cce/umn/en-us_image_0000002101597349.png
diff --git a/docs/cce/umn/en-us_image_0000002101597397.png b/docs/cce/umn/en-us_image_0000002101597397.png
new file mode 100644
index 000000000..c7d5814a6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597397.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950316896.png b/docs/cce/umn/en-us_image_0000002101597409.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316896.png
rename to docs/cce/umn/en-us_image_0000002101597409.png
diff --git a/docs/cce/umn/en-us_image_0000001950317212.png b/docs/cce/umn/en-us_image_0000002101597461.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317212.png
rename to docs/cce/umn/en-us_image_0000002101597461.png
diff --git a/docs/cce/umn/en-us_image_0000001950317180.png b/docs/cce/umn/en-us_image_0000002101597485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317180.png
rename to docs/cce/umn/en-us_image_0000002101597485.png
diff --git a/docs/cce/umn/en-us_image_0000001981276817.png b/docs/cce/umn/en-us_image_0000002101597577.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276817.png
rename to docs/cce/umn/en-us_image_0000002101597577.png
diff --git a/docs/cce/umn/en-us_image_0000001950317284.png b/docs/cce/umn/en-us_image_0000002101597645.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317284.png
rename to docs/cce/umn/en-us_image_0000002101597645.png
diff --git a/docs/cce/umn/en-us_image_0000001950317216.png b/docs/cce/umn/en-us_image_0000002101597649.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317216.png
rename to docs/cce/umn/en-us_image_0000002101597649.png
diff --git a/docs/cce/umn/en-us_image_0000002101597653.png b/docs/cce/umn/en-us_image_0000002101597653.png
new file mode 100644
index 000000000..bab094693
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597653.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597657.png b/docs/cce/umn/en-us_image_0000002101597657.png
new file mode 100644
index 000000000..0d1c589ca
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597657.png differ
diff --git a/docs/cce/umn/en-us_image_0000002101597665.png b/docs/cce/umn/en-us_image_0000002101597665.png
new file mode 100644
index 000000000..fc0707283
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101597665.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981276633.png b/docs/cce/umn/en-us_image_0000002101597689.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276633.png
rename to docs/cce/umn/en-us_image_0000002101597689.png
diff --git a/docs/cce/umn/en-us_image_0000001981436837.png b/docs/cce/umn/en-us_image_0000002101597693.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436837.png
rename to docs/cce/umn/en-us_image_0000002101597693.png
diff --git a/docs/cce/umn/en-us_image_0000001950317344.png b/docs/cce/umn/en-us_image_0000002101597757.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317344.png
rename to docs/cce/umn/en-us_image_0000002101597757.png
diff --git a/docs/cce/umn/en-us_image_0000001981436769.png b/docs/cce/umn/en-us_image_0000002101597765.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436769.png
rename to docs/cce/umn/en-us_image_0000002101597765.png
diff --git a/docs/cce/umn/en-us_image_0000001950317428.png b/docs/cce/umn/en-us_image_0000002101597817.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317428.png
rename to docs/cce/umn/en-us_image_0000002101597817.png
diff --git a/docs/cce/umn/en-us_image_0000001950317436.png b/docs/cce/umn/en-us_image_0000002101597825.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317436.png
rename to docs/cce/umn/en-us_image_0000002101597825.png
diff --git a/docs/cce/umn/en-us_image_0000001981276977.png b/docs/cce/umn/en-us_image_0000002101597829.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276977.png
rename to docs/cce/umn/en-us_image_0000002101597829.png
diff --git a/docs/cce/umn/en-us_image_0000001897903417.png b/docs/cce/umn/en-us_image_0000002101676373.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001897903417.png
rename to docs/cce/umn/en-us_image_0000002101676373.png
diff --git a/docs/cce/umn/en-us_image_0000001981434241.gif b/docs/cce/umn/en-us_image_0000002101677169.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434241.gif
rename to docs/cce/umn/en-us_image_0000002101677169.gif
diff --git a/docs/cce/umn/en-us_image_0000001981434369.png b/docs/cce/umn/en-us_image_0000002101677221.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434369.png
rename to docs/cce/umn/en-us_image_0000002101677221.png
diff --git a/docs/cce/umn/en-us_image_0000001950314996.png b/docs/cce/umn/en-us_image_0000002101677229.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950314996.png
rename to docs/cce/umn/en-us_image_0000002101677229.png
diff --git a/docs/cce/umn/en-us_image_0000001950315008.png b/docs/cce/umn/en-us_image_0000002101677245.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315008.png
rename to docs/cce/umn/en-us_image_0000002101677245.png
diff --git a/docs/cce/umn/en-us_image_0000001981434585.png b/docs/cce/umn/en-us_image_0000002101677269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981434585.png
rename to docs/cce/umn/en-us_image_0000002101677269.png
diff --git a/docs/cce/umn/en-us_image_0000001981275113.png b/docs/cce/umn/en-us_image_0000002101677281.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275113.png
rename to docs/cce/umn/en-us_image_0000002101677281.png
diff --git a/docs/cce/umn/en-us_image_0000001981274593.png b/docs/cce/umn/en-us_image_0000002101677301.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274593.png
rename to docs/cce/umn/en-us_image_0000002101677301.png
diff --git a/docs/cce/umn/en-us_image_0000001981274745.png b/docs/cce/umn/en-us_image_0000002101677309.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981274745.png
rename to docs/cce/umn/en-us_image_0000002101677309.png
diff --git a/docs/cce/umn/en-us_image_0000001950315856.png b/docs/cce/umn/en-us_image_0000002101677397.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315856.png
rename to docs/cce/umn/en-us_image_0000002101677397.png
diff --git a/docs/cce/umn/en-us_image_0000001950315800.png b/docs/cce/umn/en-us_image_0000002101677421.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315800.png
rename to docs/cce/umn/en-us_image_0000002101677421.png
diff --git a/docs/cce/umn/en-us_image_0000001950316024.png b/docs/cce/umn/en-us_image_0000002101677485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316024.png
rename to docs/cce/umn/en-us_image_0000002101677485.png
diff --git a/docs/cce/umn/en-us_image_0000001981435425.png b/docs/cce/umn/en-us_image_0000002101677497.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435425.png
rename to docs/cce/umn/en-us_image_0000002101677497.png
diff --git a/docs/cce/umn/en-us_image_0000001981275577.png b/docs/cce/umn/en-us_image_0000002101677513.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981275577.png
rename to docs/cce/umn/en-us_image_0000002101677513.png
diff --git a/docs/cce/umn/en-us_image_0000001950315436.png b/docs/cce/umn/en-us_image_0000002101677557.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315436.png
rename to docs/cce/umn/en-us_image_0000002101677557.png
diff --git a/docs/cce/umn/en-us_image_0000002101677565.png b/docs/cce/umn/en-us_image_0000002101677565.png
new file mode 100644
index 000000000..580ac4c9c
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101677565.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950315464.png b/docs/cce/umn/en-us_image_0000002101677605.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315464.png
rename to docs/cce/umn/en-us_image_0000002101677605.png
diff --git a/docs/cce/umn/en-us_image_0000001950316192.png b/docs/cce/umn/en-us_image_0000002101677721.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316192.png
rename to docs/cce/umn/en-us_image_0000002101677721.png
diff --git a/docs/cce/umn/en-us_image_0000001981435505.png b/docs/cce/umn/en-us_image_0000002101677725.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981435505.png
rename to docs/cce/umn/en-us_image_0000002101677725.png
diff --git a/docs/cce/umn/en-us_image_0000002101677757.png b/docs/cce/umn/en-us_image_0000002101677757.png
new file mode 100644
index 000000000..1909444d2
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101677757.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950315840.png b/docs/cce/umn/en-us_image_0000002101678145.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315840.png
rename to docs/cce/umn/en-us_image_0000002101678145.png
diff --git a/docs/cce/umn/en-us_image_0000001950315916.png b/docs/cce/umn/en-us_image_0000002101678157.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950315916.png
rename to docs/cce/umn/en-us_image_0000002101678157.png
diff --git a/docs/cce/umn/en-us_image_0000001981276081.png b/docs/cce/umn/en-us_image_0000002101678473.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276081.png
rename to docs/cce/umn/en-us_image_0000002101678473.png
diff --git a/docs/cce/umn/en-us_image_0000001981276145.png b/docs/cce/umn/en-us_image_0000002101678517.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276145.png
rename to docs/cce/umn/en-us_image_0000002101678517.png
diff --git a/docs/cce/umn/en-us_image_0000001950316608.png b/docs/cce/umn/en-us_image_0000002101678525.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316608.png
rename to docs/cce/umn/en-us_image_0000002101678525.png
diff --git a/docs/cce/umn/en-us_image_0000001950316596.png b/docs/cce/umn/en-us_image_0000002101678557.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950316596.png
rename to docs/cce/umn/en-us_image_0000002101678557.png
diff --git a/docs/cce/umn/en-us_image_0000001981436113.png b/docs/cce/umn/en-us_image_0000002101678569.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436113.png
rename to docs/cce/umn/en-us_image_0000002101678569.png
diff --git a/docs/cce/umn/en-us_image_0000001981276257.png b/docs/cce/umn/en-us_image_0000002101678573.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276257.png
rename to docs/cce/umn/en-us_image_0000002101678573.png
diff --git a/docs/cce/umn/en-us_image_0000001981436293.png b/docs/cce/umn/en-us_image_0000002101678765.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436293.png
rename to docs/cce/umn/en-us_image_0000002101678765.png
diff --git a/docs/cce/umn/en-us_image_0000001981436301.png b/docs/cce/umn/en-us_image_0000002101678773.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436301.png
rename to docs/cce/umn/en-us_image_0000002101678773.png
diff --git a/docs/cce/umn/en-us_image_0000001981436333.jpg b/docs/cce/umn/en-us_image_0000002101678805.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436333.jpg
rename to docs/cce/umn/en-us_image_0000002101678805.jpg
diff --git a/docs/cce/umn/en-us_image_0000002101678821.png b/docs/cce/umn/en-us_image_0000002101678821.png
new file mode 100644
index 000000000..0f726ec93
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101678821.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981276393.png b/docs/cce/umn/en-us_image_0000002101678825.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276393.png
rename to docs/cce/umn/en-us_image_0000002101678825.png
diff --git a/docs/cce/umn/en-us_image_0000001981276581.png b/docs/cce/umn/en-us_image_0000002101678833.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276581.png
rename to docs/cce/umn/en-us_image_0000002101678833.png
diff --git a/docs/cce/umn/en-us_image_0000001981276441.png b/docs/cce/umn/en-us_image_0000002101678893.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276441.png
rename to docs/cce/umn/en-us_image_0000002101678893.png
diff --git a/docs/cce/umn/en-us_image_0000002101678921.png b/docs/cce/umn/en-us_image_0000002101678921.png
new file mode 100644
index 000000000..1a1990767
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101678921.png differ
diff --git a/docs/cce/umn/en-us_image_0000001950317068.png b/docs/cce/umn/en-us_image_0000002101678937.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317068.png
rename to docs/cce/umn/en-us_image_0000002101678937.png
diff --git a/docs/cce/umn/en-us_image_0000002101678941.png b/docs/cce/umn/en-us_image_0000002101678941.png
new file mode 100644
index 000000000..20255be03
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101678941.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436461.png b/docs/cce/umn/en-us_image_0000002101678953.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436461.png
rename to docs/cce/umn/en-us_image_0000002101678953.png
diff --git a/docs/cce/umn/en-us_image_0000002101678961.png b/docs/cce/umn/en-us_image_0000002101678961.png
new file mode 100644
index 000000000..911e1a75e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000002101678961.png differ
diff --git a/docs/cce/umn/en-us_image_0000001981436605.png b/docs/cce/umn/en-us_image_0000002101678997.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436605.png
rename to docs/cce/umn/en-us_image_0000002101678997.png
diff --git a/docs/cce/umn/en-us_image_0000001981276741.png b/docs/cce/umn/en-us_image_0000002101679001.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276741.png
rename to docs/cce/umn/en-us_image_0000002101679001.png
diff --git a/docs/cce/umn/en-us_image_0000001981436501.png b/docs/cce/umn/en-us_image_0000002101679081.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436501.png
rename to docs/cce/umn/en-us_image_0000002101679081.png
diff --git a/docs/cce/umn/en-us_image_0000001950317280.png b/docs/cce/umn/en-us_image_0000002101679193.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317280.png
rename to docs/cce/umn/en-us_image_0000002101679193.png
diff --git a/docs/cce/umn/en-us_image_0000001981436701.png b/docs/cce/umn/en-us_image_0000002101679209.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436701.png
rename to docs/cce/umn/en-us_image_0000002101679209.png
diff --git a/docs/cce/umn/en-us_image_0000001981436653.png b/docs/cce/umn/en-us_image_0000002101679217.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436653.png
rename to docs/cce/umn/en-us_image_0000002101679217.png
diff --git a/docs/cce/umn/en-us_image_0000001981276877.png b/docs/cce/umn/en-us_image_0000002101679233.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276877.png
rename to docs/cce/umn/en-us_image_0000002101679233.png
diff --git a/docs/cce/umn/en-us_image_0000001981276889.png b/docs/cce/umn/en-us_image_0000002101679237.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981276889.png
rename to docs/cce/umn/en-us_image_0000002101679237.png
diff --git a/docs/cce/umn/en-us_image_0000001981436829.png b/docs/cce/umn/en-us_image_0000002101679261.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436829.png
rename to docs/cce/umn/en-us_image_0000002101679261.png
diff --git a/docs/cce/umn/en-us_image_0000001981436845.png b/docs/cce/umn/en-us_image_0000002101679273.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436845.png
rename to docs/cce/umn/en-us_image_0000002101679273.png
diff --git a/docs/cce/umn/en-us_image_0000001950317396.png b/docs/cce/umn/en-us_image_0000002101679277.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001950317396.png
rename to docs/cce/umn/en-us_image_0000002101679277.png
diff --git a/docs/cce/umn/en-us_image_0000001981436885.png b/docs/cce/umn/en-us_image_0000002101679293.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001981436885.png
rename to docs/cce/umn/en-us_image_0000002101679293.png